Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360766 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3382 | 1 Mads | 1 Mads | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | ||||
| CVE-2006-0647 | 1 Sun | 1 Java System Directory Server | 2026-04-16 | N/A |
| LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | ||||
| CVE-2006-0331 | 1 Thiago Melo De Paula | 1 Change Passwd | 2026-04-16 | N/A |
| Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2006-2702 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR']. | ||||
| CVE-2006-0176 | 1 Xmame | 1 Xmame | 2026-04-16 | N/A |
| Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux. | ||||
| CVE-2005-4294 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. | ||||
| CVE-2005-4270 | 1 Watchfire | 1 Appscan Qa | 2026-04-16 | N/A |
| Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field. | ||||
| CVE-2005-4249 | 1 Adp | 1 Adp Forum | 2026-04-16 | N/A |
| ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory. | ||||
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | ||||
| CVE-2001-0997 | 1 Textor Webmasters Ltd. | 1 Listrec.pl | 2026-04-16 | N/A |
| Textor Webmasters Ltd listrec.pl CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the TEMPLATE parameter. | ||||
| CVE-2006-0985 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. | ||||
| CVE-1999-0516 | 2026-04-16 | N/A | ||
| An SNMP community name is guessable. | ||||
| CVE-1999-0254 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. | ||||
| CVE-2006-2714 | 1 Secure Elements | 1 C5 Enterprise Vulnerability Management | 2026-04-16 | N/A |
| Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not validate the CEID of an incoming message, which allows remote attackers to send messages to a protected asset without knowing the proper CEID. | ||||
| CVE-2001-1519 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it | ||||
| CVE-2006-1285 | 1 Symantec | 2 Ghost Solutions Suite, Norton Ghost | 2026-04-16 | N/A |
| SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost Solutions Suite (SGSS) 1.0, gives read and write permissions to all users for database shared memory sections, which allows local users to access and possibly modify certain information. | ||||
| CVE-2001-0909 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL. | ||||
| CVE-2006-4832 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2026-04-16 | N/A |
| Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username. | ||||
| CVE-2005-2150 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog. | ||||
| CVE-2005-2143 | 1 Microsoft | 1 Frontpage | 2026-04-16 | N/A |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | ||||