Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3279 1 Jan Kybic 1 Bitmap Viewer 2025-04-03 N/A
Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2025-04-03 N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVE-2005-3280 1 Paros 1 Paros 2025-04-03 N/A
Paros 3.2.5 uses a default password for the "sa" account in the underlying HSQLDB database and does not restrict access to the local machine, which allows remote attackers to gain privileges.
CVE-2005-3285 1 Comersus Open Technologies 1 Comersus Backoffice Plus 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters.
CVE-2006-1557 1 Skintech 1 X-changer 2025-04-03 N/A
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
CVE-2000-0059 1 Php 1 Php 2025-04-03 N/A
PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.
CVE-2006-1558 1 Php 1 Php Script Index 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2002-1661 1 Leafnode 1 Leafnode 2025-04-03 N/A
The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.
CVE-2006-1574 1 Hitachi 4 Groupmax World Wide Web, Groupmax World Wide Web Desktop, Groupmax World Wide Web Desktop Scheduler and 1 more 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2000-0071 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions.
CVE-2006-1575 1 Vscripts.pl 1 Qlnews 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters.
CVE-2006-1576 1 Vscripts.pl 1 Qlnews 2025-04-03 N/A
Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php.
CVE-2006-1578 1 Index Data Aps 1 Keystone Digital Library Suite 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search module.
CVE-2006-1583 1 Juliusz Julas Gonera 1 Warcraft Iii Replay Parser Php 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
CVE-2006-1584 1 Juliusz Julas Gonera 1 Warcraft Iii Replay Parser Php 2025-04-03 N/A
Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file uploads. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter.
CVE-2005-0573 1 Rob Flynn 1 Gaim 2025-04-03 N/A
Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.
CVE-2006-1587 1 Netbsd 1 Netbsd 2025-04-03 N/A
NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file.
CVE-2006-1588 1 Netbsd 1 Netbsd 2025-04-03 N/A
The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not clear sensitive memory before copying ioctl results to the requesting process, which allows local users to obtain portions of kernel memory.
CVE-2006-1589 1 Netbsd 1 Netbsd 2025-04-03 N/A
The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference.
CVE-2006-1594 1 Claroline 1 Claroline 2025-04-03 N/A
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.