Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0279 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 5.x through 6.5 allows remote attackers to steal sensitive information via numeric fields, as demonstrated using (1) the viewlink function and cid parameter, or (2) index.php.
CVE-2003-0287 1 Six Apart 1 Movable Type 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, and possibly other versions including 2.63, allows remote attackers to insert arbitrary web script or HTML via the Name textbox, possibly when the "Allow HTML in comments?" option is enabled.
CVE-2004-0505 3 Ethereal Group, Redhat, Sgi 3 Ethereal, Enterprise Linux, Propack 2025-04-03 N/A
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
CVE-2006-4679 1 Andreas Gohr 1 Dokuwiki 2025-04-03 N/A
DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".
CVE-2004-1001 1 Debian 1 Shadow 2025-04-03 N/A
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
CVE-2006-4705 1 Dominic Gamble 1 Timesheet.php 2025-04-03 N/A
SQL injection vulnerability in login.php in dwayner79 and Dominic Gamble Timesheet (aka Timesheet.php) 1.2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2004-0506 3 Ethereal Group, Redhat, Sgi 3 Ethereal, Enterprise Linux, Propack 2025-04-03 N/A
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
CVE-2005-1384 1 Coinsoft Technologies 1 Phpcoin 2025-04-03 N/A
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
CVE-2003-0292 1 Inktomi 1 Inktomi Traffic-server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5.1 allows remote attackers to insert arbitrary web script or HTML into an error page that appears to come from the domain that the client is visiting, aka "Man-in-the-Middle" XSS.
CVE-2004-0507 3 Ethereal Group, Redhat, Sgi 3 Ethereal, Enterprise Linux, Propack 2025-04-03 N/A
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2006-4711 1 Sage 1 Sage 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.
CVE-2003-0297 2 Redhat, University Of Washington 4 Enterprise Linux, C-client, Imap-2002b and 1 more 2025-04-03 N/A
c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remote malicious IMAP servers to cause a denial of service (crash) and possibly execute arbitrary code via certain large (1) literal and (2) mailbox size values that cause either integer signedness errors or integer overflow errors.
CVE-2005-4211 1 Coinsoft Technologies 1 Phpcoin 2025-04-03 N/A
PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable.
CVE-2006-2132 1 Duware 1 Duclassified 2025-04-03 N/A
SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-4718 1 Korviblog 1 Korviblog 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters.
CVE-2003-0299 2 Mutt, Stuart Parmenter 2 Mutt, Balsa 2025-04-03 N/A
The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large mailbox size values that cause either integer signedness errors or integer overflow errors.
CVE-2004-0510 1 Sco 1 Openserver 2025-04-03 N/A
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
CVE-2006-2460 1 Sugarcrm 1 Sugarcrm 2025-04-03 N/A
Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter.
CVE-2004-0511 1 Sco 1 Openserver 2025-04-03 N/A
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
CVE-2003-0305 1 Cisco 1 Ios 2025-04-03 N/A
The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka Response Time Reporter (RTR), allows remote attackers to cause a denial of service (crash) via malformed RTR packets to port 1967.