Export limit exceeded: 29897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29897 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4223 | 1 Utopia Software | 1 Utopia News Pro | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | ||||
| CVE-2006-4803 | 1 Netiq | 1 Identity Manager | 2026-04-16 | N/A |
| The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." | ||||
| CVE-2006-2194 | 1 Point-to-point Protocol Project | 1 Point-to-point Protocol | 2026-04-16 | N/A |
| The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges. | ||||
| CVE-2004-2655 | 2 Redhat, Xscreensaver | 2 Enterprise Linux, Xscreensaver | 2026-04-16 | N/A |
| rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen. | ||||
| CVE-2004-2654 | 1 Squid | 1 Squid | 2026-04-16 | N/A |
| The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5. | ||||
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | ||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2004-2648 | 1 Faronics | 1 Freezex | 2026-04-16 | N/A |
| FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file. | ||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | ||||
| CVE-2006-0812 | 1 Visnetic | 1 Visnetic Antivirus Plug-in For Mail Server | 2026-04-16 | N/A |
| The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. | ||||
| CVE-2004-2641 | 1 Sun | 2 Netra 1280, Sun Fire | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set. | ||||
| CVE-2006-0814 | 1 Lighttpd | 1 Lighttpd | 2026-04-16 | N/A |
| response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. | ||||
| CVE-2004-2640 | 1 Ryszard Pydo | 1 Linuxstat | 2026-04-16 | N/A |
| Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. | ||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | ||||
| CVE-2000-0484 | 1 Max Feoktistov | 1 Small Http Server | 2026-04-16 | N/A |
| Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service. | ||||
| CVE-2006-4795 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2001-0868 | 1 Redhat | 1 Stronghold | 2026-04-16 | N/A |
| Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve system information via an HTTP GET request to (1) stronghold-info or (2) stronghold-status. | ||||
| CVE-2006-0817 | 3 Deerfield, Icewarp, Merak | 3 Visnetic Mail Server, Web Mail, Mail Server | 2026-04-16 | N/A |
| Absolute path directory traversal vulnerability in (a) MERAK Mail Server for Windows 8.3.8r with before IceWarp Web Mail 5.6.1 and (b) VisNetic MailServer before 8.5.0.5 allows remote attackers to include arbitrary files via a full Windows path and drive letter in the (1) language parameter in accounts/inc/include.php and (2) lang_settings parameter in admin/inc/include.php, which is not properly sanitized by the securepath function, a related issue to CVE-2005-4556. | ||||
| CVE-2006-2726 | 1 Fastpublish | 1 Fastpublish Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php. | ||||
| CVE-2005-4234 | 1 Powerdev | 1 Encapsgallery | 2026-04-16 | N/A |
| SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||