Export limit exceeded: 363514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2889 | 1 Pixelpost | 1 Pixelpost | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Pixelpost 1-5rc1-2 and earlier allow remote attackers to execute arbitrary SQL commands, and leverage them to gain administrator privileges, via the (1) category or (2) archivedate parameter. | ||||
| CVE-2006-2881 | 1 Dreamcost | 1 Dreamaccount | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts. | ||||
| CVE-2006-2869 | 1 Alwil | 1 Avast Antivirus | 2026-04-16 | N/A |
| Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 has unknown impact and remote attack vectors. | ||||
| CVE-2006-2382 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via crafted UTF-8 encoded HTML that results in size discrepancies during conversion to Unicode, aka "HTML Decoding Memory Corruption Vulnerability." | ||||
| CVE-2006-2383 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution. | ||||
| CVE-2006-2385 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file. | ||||
| CVE-2006-2391 | 1 Emc | 1 Retrospect Client | 2026-04-16 | N/A |
| Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497. | ||||
| CVE-2004-1500 | 2 Freeform Interactive, Monolith Productions | 11 Purge Jihad, Alien Versus Predator, Blood and 8 more | 2026-04-16 | N/A |
| Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message. | ||||
| CVE-2004-1834 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-16 | N/A |
| mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. | ||||
| CVE-2006-2392 | 1 Blue Dragon | 1 Php Blue Dragon | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in public_includes/pub_popup/popup_finduser.php in PHP Blue Dragon Platinum 2.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. | ||||
| CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. | ||||
| CVE-2006-2393 | 1 Empire Server | 1 Empire Server | 2026-04-16 | N/A |
| The client_cmd function in Empire 4.3.2 and earlier allows remote attackers to cause a denial of service (application crash) by causing long text strings to be appended to the player->client buffer, which causes an invalid memory access. | ||||
| CVE-2004-2150 | 1 Nettica | 1 Intellipeer Email Server | 2026-04-16 | N/A |
| Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. | ||||
| CVE-2004-2588 | 1 Xmb Software | 1 Xmb Forum | 2026-04-16 | N/A |
| Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web server and the PHP application. | ||||
| CVE-2006-2399 | 1 Outgun | 1 Outgun | 2026-04-16 | N/A |
| Stack-based buffer overflow in the ServerNetworking::incoming_client_data function in servnet.cpp in Outgun 1.0.3 bot 2 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a data_file_request command with a long (1) type or (2) name string. | ||||
| CVE-2006-2401 | 1 Outgun | 1 Outgun | 2026-04-16 | N/A |
| The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and earlier allow remote attackers to cause a denial of service (application crash) via packets with incorrect message sizes, which triggers a buffer over-read. | ||||
| CVE-2006-2408 | 1 Raydium | 1 Raydium | 2026-04-16 | N/A |
| Multiple buffer overflows in Raydium before SVN revision 310 allow remote attackers to execute arbitrary code via a large packet when logged via (1) the raydium_log function in log.c or (2) the raydium_console_line_add function in console.c, possibly from a long player name. | ||||
| CVE-2006-2414 | 1 Timo Sirainen | 1 Dovecot | 2026-04-16 | N/A |
| Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command. | ||||
| CVE-2006-2415 | 1 Flexchat | 1 Flexchat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm. | ||||
| CVE-2006-2420 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as ">", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather due to design or documentation inconsistencies within RSS, or implementation vulnerabilities in RSS readers. While this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it. | ||||