Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4061 1 Thomas Pequet 1 Phpprintanalyzer 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in Thomas Pequet phpPrintAnalyzer 1.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep_par_rapport_racine parameter. NOTE: this issue has been disputed by third party researchers, stating that the rep_par_rapport_racine variable is initialized before use
CVE-2006-4019 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2025-04-03 N/A
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users.
CVE-2006-4089 1 Andy Lo-a-foe 1 Alsaplayer 2025-04-03 N/A
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2005-4780 1 Fidra Software 1 Lighthouse Cms 2025-04-03 3.7 Low
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED
CVE-2004-0133 1 Linux 1 Linux Kernel 2025-04-03 N/A
The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device.
CVE-2005-4787 1 Turnkey Solutions 1 Sunshop Shopping Cart 2025-04-03 N/A
Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue.
CVE-2006-4309 1 Ak-systems 1 Windows Terminal 2025-04-03 N/A
VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.
CVE-1999-0608 1 Pdgsoft 1 Pdg Shopping Cart 2025-04-03 N/A
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
CVE-2006-4314 1 Symantec 1 Enterprise Security Manager 2025-04-03 N/A
The manager server in Symantec Enterprise Security Manager (ESM) 6 and 6.5.x allows remote attackers to cause a denial of service (hang) via a malformed ESM agent request.
CVE-2001-0970 1 Tdavid 1 Td Forum 2025-04-03 N/A
Cross-site scripting vulnerability in TDForum 1.2 CGI script (tdforum12.cgi) allows remote attackers to execute arbitrary script on other clients via a forum message that contains the script.
CVE-2005-1567 1 Directtopics 1 Directtopics 2025-04-03 N/A
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2005-4581 1 Scott Draves 1 Electric Sheep 2025-04-03 N/A
Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVE-2001-0409 1 Vim Development Group 1 Vim 2025-04-03 N/A
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
CVE-2005-2539 1 Flatnuke 1 Flatnuke 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post.
CVE-2000-1222 1 Ibm 1 Aix 2025-04-03 N/A
AIX sysback before 4.2.1.13 uses a relative path to find and execute the hostname program, which allows local users to gain privileges by modifying the path to point to a malicious hostname program.
CVE-2006-1008 1 Nathan Landry 1 N8cms Sitesuite Cms 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
CVE-2006-1017 1 Php 1 Php 2025-04-03 N/A
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.
CVE-2006-1020 1 Johnny Vegas 1 Vegas Forum 2025-04-03 N/A
SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-1999-0625 2025-04-03 N/A
The rpc.rquotad service is running.
CVE-2005-3967 1 Atlassian 1 Confluence 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.