Export limit exceeded: 360766 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4372 1 Constructor Component 1 Constructor Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-1999-1402 2 Freebsd, Sun 3 Freebsd, Solaris, Sunos 2026-04-16 N/A
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
CVE-2006-2462 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6, may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic.
CVE-2006-3296 1 George Currums 1 Open Guestbook 2026-04-16 N/A
SQL injection vulnerability in view.php in Open Guestbook 0.5 allows remote attackers to execute arbitrary SQL commands via the offset parameter.
CVE-1999-1138 1 Sco 4 Open Desktop, Open Desktop Lite, Openserver and 1 more 2026-04-16 N/A
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
CVE-2005-3098 1 Qualcomm 1 Qpopper 2026-04-16 N/A
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
CVE-1999-1125 1 Oracle 1 Http Server 2026-04-16 N/A
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
CVE-2006-4359 1 Trident Software 1 Powerzip 2026-04-16 N/A
Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.
CVE-2006-1893 1 Ar-blog 1 Ar-blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-1383 1 Pablo Software Solutions 1 Baby Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not.
CVE-2004-2091 1 Microsoft 1 Baseline Security Analyzer 2026-04-16 N/A
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
CVE-2005-3327 1 Network Appliance 1 Data Ontap 2026-04-16 N/A
Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity.
CVE-2006-1887 1 Oracle 1 Enterpriseone 2026-04-16 N/A
Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security Server 8.95.J1 has unknown impact and attack vectors, aka Vuln# JDE01.
CVE-2006-4236 1 Powergap 2 Powergap Business, Powergap Lite 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow remote attackers to execute arbitrary PHP code via a URL in the (1) shopid parameter to (a) s01.php, (b) s02.php, (c) s03.php, and (d) s04.php; and possibly a URL located after "shopid=" or "sid=" in the PATH_INFO.
CVE-2005-3329 1 Rsa 1 Authentication Agent For Web 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
CVE-2005-1507 1 4d 1 Webstar 2026-04-16 N/A
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
CVE-2006-2464 1 Bea 1 Weblogic Server 2026-04-16 N/A
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
CVE-2005-3343 1 Tkdiff 1 Tkdiff 2026-04-16 N/A
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-1999-1403 1 Ibm 1 Tivoli Opc Tracker Agent 2026-04-16 N/A
IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.
CVE-2005-1950 1 Darryl Burgdorf 1 Webhints 2026-04-16 N/A
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.