Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0330 1 Openbb 1 Openbb 2025-04-03 N/A
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
CVE-1999-0377 1 Unix 1 Unix 2025-04-03 N/A
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
CVE-2002-1821 1 Ultimate Php Board 1 Ultimate Php Board 2025-04-03 N/A
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php.
CVE-1999-0379 1 Microsoft 1 Backoffice Resource Kit 2025-04-03 N/A
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
CVE-2002-0333 1 Xtell 1 Xtell 2025-04-03 N/A
Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows remote attackers to read files with short names, and local users to read more files using a symlink with a short name, via a .. in the TTY argument.
CVE-2002-0334 1 Xtell 1 Xtell 2025-04-03 N/A
xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local users to modify files via a symlink attack on the .xtell-log file.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2006-4668 1 Rob Hensley 1 Ackertodo 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.
CVE-2000-0630 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2006-2819 1 Barnraiser 1 Igloo 2025-04-03 N/A
PHP remote file inclusion vulnerability in Wiki.php in Barnraiser Igloo 0.1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c_node[class_path] parameter.
CVE-2006-2826 1 Phplib Team 1 Phplib 2025-04-03 N/A
SQL injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a allows remote attackers to execute arbitrary SQL commands via the id variable, which is set by a client through a query string or a cookie.
CVE-1999-1471 1 Bsd 1 Bsd 2025-04-03 N/A
Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.
CVE-2001-0643 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVE-2002-0965 1 Oracle 1 Oracle9i 2025-04-03 N/A
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
CVE-2003-0253 2 Apache, Redhat 2 Http Server, Linux 2025-04-03 N/A
The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service.
CVE-2003-1248 1 Positive Software 1 H-sphere 2025-04-03 N/A
H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) mode and (2) zipfile parameters in a URL request.
CVE-2005-3045 1 My Little Homepage 1 My Little Forum 2025-04-03 N/A
SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field.
CVE-2006-1777 1 Simplog 1 Simplog 2025-04-03 N/A
Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting PHP sequences into an Apache error_log file, which is then included by doc/index.php.
CVE-2006-1779 1 Simplog 1 Simplog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter.
CVE-2004-0958 2 Php, Redhat 2 Php, Enterprise Linux 2025-04-03 N/A
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.