Export limit exceeded: 363668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363668 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4494 1 Microsoft 1 Visual Studio 2026-04-16 N/A
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
CVE-2006-4498 1 Phpalbum.net 1 Phpalbum 2026-04-16 N/A
PHP remote file inclusion vulnerability in sommaire_admin.php in PhpAlbum (mod_phpalbum) 2.15 for PortailPHP allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter, a different vector than CVE-2006-3922.
CVE-2002-1856 1 Hp 1 Application Server 2026-04-16 N/A
HP Application Server 8.0, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVE-2006-4505 1 Nx5 1 Nx5linx 2026-04-16 N/A
CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a CRLF sequence in the url parameter.
CVE-2006-4508 2 Scatterchat, Tor 2 Scatterchat, Tor 2026-04-16 N/A
Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and 0.1.1.x before 0.1.1.23, and (2) ScatterChat before 1.0.2, allows remote attackers operating a Tor entry node to route arbitrary Tor traffic through clients or cause a denial of service (flood) via unspecified vectors.
CVE-2002-1872 1 Microsoft 1 Sql Server 2026-04-16 7.5 High
Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
CVE-2006-4528 1 Membrepass 1 Membrepass 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
CVE-2006-4529 1 Membrepass 1 Membrepass 2026-04-16 N/A
SQL injection vulnerability in recherchemembre.php in membrepass 1.5. allows remote attackers to execute arbitrary SQL commands via the recherche parameter.
CVE-2006-4531 1 Bare Concept Media 1 Pheap Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
CVE-2002-1920 1 Datawizard 1 Ftpxq 2026-04-16 N/A
Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name.
CVE-2002-1936 1 Utstarcom 1 Bas 1000 2026-04-16 N/A
UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account with a password of "*3noguru", (3) snmp account with a password of "snmp", or (4) dbase account with a password of "dbase".
CVE-2003-1192 1 Truenorth Software 1 Ia Webmail Server 2026-04-16 N/A
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2003-1152 1 Infrontech 1 Webtide 2026-04-16 N/A
WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
CVE-2006-4284 1 Lblog 1 Lblog 2026-04-16 N/A
SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2002-1338 1 Microsoft 1 Office Web Components 2026-04-16 N/A
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
CVE-2006-4285 1 Fscripts 1 Fantastic News 2026-04-16 N/A
PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected.
CVE-2002-1345 3 Ncftp Software, Openbsd, Sun 4 Ncftp, Openbsd, Solaris and 1 more 2026-04-16 N/A
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
CVE-2002-1347 3 Apple, Cyrusimap, Redhat 4 Mac Os X, Mac Os X Server, Cyrus Sasl and 1 more 2026-04-16 9.8 Critical
Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) long inputs during user name canonicalization, (2) characters that need to be escaped during LDAP authentication using saslauthd, or (3) an off-by-one error in the log writer, which does not allocate space for the null character that terminates a string.
CVE-2003-1092 1 Christos Zoulas 1 File 1 2026-04-16 N/A
Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.
CVE-2006-4286 1 Mambo 1 Mambo 2026-04-16 N/A
PHP remote file inclusion vulnerability in contentpublisher.php in the contentpublisher component (com_contentpublisher) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third parties who state that contentpublisher.php protects against direct request in the most recent version. The original researcher is known to be frequently inaccurate