Export limit exceeded: 347809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2026-04-16 | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | ||||
| CVE-2005-1264 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589. | ||||
| CVE-2006-0685 | 1 Virtual Hosting Control System | 1 Virtual Hosting Control System | 2026-04-16 | N/A |
| The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access. | ||||
| CVE-1999-0532 | 2026-04-16 | N/A | ||
| A DNS server allows zone transfers. | ||||
| CVE-1999-0864 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. | ||||
| CVE-2005-1287 | 1 Bk Dev | 1 Bk Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp. | ||||
| CVE-2000-0449 | 1 Omnis | 1 Studio | 2026-04-16 | N/A |
| Omnis Studio 2.4 uses weak encryption (trivial encoding) for encrypting database fields. | ||||
| CVE-2005-1315 | 1 Horde | 1 Turba | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2002-0624 | 1 Microsoft | 2 Msde, Sql Server | 2026-04-16 | N/A |
| Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure." | ||||
| CVE-2006-0695 | 1 Ansilove | 1 Ansilove | 2026-04-16 | N/A |
| Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. | ||||
| CVE-2005-1328 | 1 Oneworldstore | 1 Oneworldstore | 2026-04-16 | N/A |
| OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp. | ||||
| CVE-2005-1332 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. | ||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2026-04-16 | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | ||||
| CVE-2005-1350 | 1 Leif M. Wright | 1 Ad.cgi | 2026-04-16 | N/A |
| The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2006-2688 | 1 Achievo | 1 Achievo | 2026-04-16 | N/A |
| SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | ||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | ||||
| CVE-2005-1352 | 1 Leif M. Wright | 1 Ad.cgi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | ||||
| CVE-2005-1357 | 1 Text.cgi | 1 Text.cgi | 2026-04-16 | N/A |
| text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2005-1376 | 1 Claroline | 1 Claroline | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | ||||