Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0929 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. | ||||
| CVE-2000-0934 | 1 Redhat | 1 Linux | 2026-04-16 | N/A |
| Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. | ||||
| CVE-2000-0937 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. | ||||
| CVE-2000-0948 | 1 Gnome | 1 Gnorpm | 2026-04-16 | N/A |
| GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. | ||||
| CVE-1999-0528 | 2026-04-16 | N/A | ||
| A router or firewall forwards external packets that claim to come from inside the network that the router/firewall is in front of. | ||||
| CVE-2006-1698 | 1 Matt Wright | 1 Matt Wright Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) url, (2) city, (3) state, or (4) country parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that they are the result of post-disclosure analysis. | ||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | ||||
| CVE-1999-0598 | 2026-04-16 | N/A | ||
| A network intrusion detection system (IDS) does not properly handle packets that are sent out of order, allowing an attacker to escape detection. | ||||
| CVE-1999-0603 | 2026-04-16 | N/A | ||
| In Windows NT, an inappropriate user is a member of a group, e.g. Administrator, Backup Operators, Domain Admins, Domain Guests, Power Users, Print Operators, Replicators, System Operators, etc. | ||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2026-04-16 | N/A |
| Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field. | ||||
| CVE-2006-1017 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. | ||||
| CVE-2006-1020 | 1 Johnny Vegas | 1 Vegas Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | ||||
| CVE-2006-1756 | 1 Matthew Dingley | 1 Md News | 2026-04-16 | N/A |
| MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. | ||||
| CVE-1999-0609 | 1 Mercantec | 1 Softcart | 2026-04-16 | N/A |
| An incorrect configuration of the SoftCart CGI program "SoftCart.exe" could disclose private information. | ||||
| CVE-2006-1763 | 1 Blursoft | 1 Blur6ex | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php), or a (3) g_viewContent action to the content shard (engine/shards/content.php). | ||||
| CVE-2006-1807 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start parameter in a search action or (2) type parameter in a top action. | ||||
| CVE-2006-1808 | 1 Lifetype | 1 Lifetype | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | ||||
| CVE-1999-0635 | 2026-04-16 | N/A | ||
| The echo service is running. | ||||
| CVE-2006-1810 | 1 Flexbb | 1 Flexbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 BETA allow remote attackers to inject arbitrary web script or HTML via the (1) ICQ, (2) AIM, (3) MSN, (4) Google Talk, (5) Website Name, (6) Website Address, (7) Email Address, (8) Location, (9) Signature, and (10) Sub-Titles fields in the user profile. | ||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | ||||