Export limit exceeded: 363823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363823 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4975 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | ||||
| CVE-2006-4977 | 1 Walter Beschmout | 1 Phpquiz | 2026-04-16 | N/A |
| Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter. | ||||
| CVE-2006-4917 | 1 Pt News | 1 Pt News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PT News 1.7.8 allows remote attackers to inject arbitrary web script or HTML via the pgname parameter. | ||||
| CVE-2004-0746 | 5 Gentoo, Kde, Mandrakesoft and 2 more | 6 Linux, Kde, Konqueror and 3 more | 2026-04-16 | N/A |
| Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | ||||
| CVE-2006-4916 | 1 Asp Indir | 1 Tekman Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) 1.0 allows remote attackers to execute arbitrary SQL commands via the uye_id parameter. | ||||
| CVE-2006-4914 | 1 A.l-pifou | 1 A.l-pifou | 2026-04-16 | N/A |
| Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources. | ||||
| CVE-2004-0733 | 1 Ollydbg | 1 Ollydbg | 2026-04-16 | N/A |
| Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call. | ||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | ||||
| CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | ||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | ||||
| CVE-2006-4906 | 1 Marc Logemann | 1 More.groupware | 2026-04-16 | N/A |
| SQL injection vulnerability in modules/calendar/week.php in More.groupware 0.74 allows remote attackers to execute arbitrary SQL commands via the new_calendarid parameter. | ||||
| CVE-2004-0714 | 1 Cisco | 3 Ios, Ons 15454e Optical Transport Platform, Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption). | ||||
| CVE-2006-4899 | 1 Broadcom | 1 Etrust Security Command Center | 2026-04-16 | N/A |
| The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message. | ||||
| CVE-2006-4895 | 1 Idevspot | 1 Nixieaffiliate | 2026-04-16 | N/A |
| IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php. | ||||
| CVE-2006-4893 | 1 Phpbb Xs | 1 Phpbb Xs | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in bb_usage_stats/includes/bb_usage_stats.php in phpBB XS 0.58 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780. | ||||
| CVE-2004-0691 | 2 Redhat, Trolltech | 2 Enterprise Linux, Qt | 2026-04-16 | N/A |
| Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | ||||
| CVE-2004-0686 | 3 Redhat, Samba, Trustix | 3 Enterprise Linux, Samba, Secure Linux | 2026-04-16 | N/A |
| Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. | ||||
| CVE-2006-4883 | 1 Idevspot | 1 Bizdirectory | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php. | ||||
| CVE-2006-4882 | 1 Charon Internet | 1 Charon Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in Review.asp in Julian Roberts Charon Cart 3 allows remote attackers to execute arbitrary SQL commands via the ProductID parameter. | ||||
| CVE-2004-0215 | 2 Avaya, Microsoft | 5 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 2 more | 2026-04-16 | N/A |
| Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header. | ||||