Export limit exceeded: 363823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363823 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4975 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
CVE-2006-4977 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
CVE-2006-4917 1 Pt News 1 Pt News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter.
CVE-2004-0746 5 Gentoo, Kde, Mandrakesoft and 2 more 6 Linux, Kde, Konqueror and 3 more 2026-04-16 N/A
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
CVE-2006-4916 1 Asp Indir 1 Tekman Portal 2026-04-16 N/A
SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter.
CVE-2006-4914 1 A.l-pifou 1 A.l-pifou 2026-04-16 N/A
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CVE-2004-0733 1 Ollydbg 1 Ollydbg 2026-04-16 N/A
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
CVE-2006-4912 1 Php Docwriter 1 Php Docwriter 2026-04-16 N/A
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
CVE-2006-4911 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
CVE-2004-0715 1 Bea 1 Weblogic Server 2026-04-16 N/A
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
CVE-2006-4906 1 Marc Logemann 1 More.groupware 2026-04-16 N/A
SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter.
CVE-2004-0714 1 Cisco 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software 2026-04-16 N/A
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
CVE-2006-4899 1 Broadcom 1 Etrust Security Command Center 2026-04-16 N/A
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
CVE-2006-4895 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
CVE-2006-4893 1 Phpbb Xs 1 Phpbb Xs 2026-04-16 N/A
PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780.
CVE-2004-0691 2 Redhat, Trolltech 2 Enterprise Linux, Qt 2026-04-16 N/A
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVE-2004-0686 3 Redhat, Samba, Trustix 3 Enterprise Linux, Samba, Secure Linux 2026-04-16 N/A
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
CVE-2006-4883 1 Idevspot 1 Bizdirectory 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
CVE-2006-4882 1 Charon Internet 1 Charon Cart 2026-04-16 N/A
SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter.
CVE-2004-0215 2 Avaya, Microsoft 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more 2026-04-16 N/A
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.