Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4219 1 Microsoft 1 Ie 2025-04-03 N/A
The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
CVE-2006-4497 1 Iwebnegar 1 Iwebnegar 2025-04-03 N/A
SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4504 1 Nx5 1 Nx5linx 2025-04-03 N/A
SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) c and (2) l parameters.
CVE-2005-1115 2 Phpbb Group, Smartor 2 Phpbb, Photo Album 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.
CVE-2006-2881 1 Dreamcost 1 Dreamaccount 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2005-2373 1 Whitsoft Development 1 Slimftpd 2025-04-03 N/A
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
CVE-2006-2908 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 N/A
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
CVE-2002-0538 1 Symantec 4 Enterprise Firewall, Gateway Security, Raptor Firewall and 1 more 2025-04-03 N/A
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
CVE-2006-3765 1 Huttenlocher Webdesign 1 Hwdeguest 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php.
CVE-2005-2500 1 Linux 1 Linux Kernel 2025-04-03 N/A
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol.
CVE-2005-2501 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
CVE-2005-2503 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
CVE-2005-2504 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
CVE-2005-2505 1 Apple 1 Mac Os X 2025-04-03 N/A
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
CVE-2005-2523 1 Apple 2 Mac Os X, Weblog Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-2660 1 Php 1 Php 2025-04-03 N/A
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prevents a unique string from being appended to the filename.
CVE-2005-2551 1 Novell 1 Edirectory 2025-04-03 N/A
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors.
CVE-2005-2570 1 Funkboard 1 Funkboard 2025-04-03 N/A
FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message.
CVE-2005-2560 1 Ader Software 1 Cfbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2571 1 Funkboard 1 Funkboard 2025-04-03 N/A
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.