Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1078 1 Acme Labs 1 Thttpd 2025-04-03 8.4 High
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
CVE-2005-0689 1 Jimmy 1 The Includer 2025-04-03 N/A
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
CVE-2005-0691 1 Socialmpn 1 Socialmpn 2025-04-03 N/A
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
CVE-2005-4729 1 Vbzoom 1 Vbzoom 2025-04-03 N/A
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
CVE-2005-0694 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
CVE-2005-4731 1 The Php Group 1 Pear Html Quickform Controller 2025-04-03 N/A
The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.
CVE-2006-1080 1 Game-panel 1 Game-panel 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value.
CVE-2005-0696 1 Argosoft 1 Ftp Server 2025-04-03 N/A
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
CVE-2005-4732 1 Tux Racer 1 Tuxbank 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters.
CVE-2005-0697 1 Brt 1 Copperexport 2025-04-03 N/A
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
CVE-2005-0707 1 Ipswitch 1 Ipswitch Collaboration Suite 2025-04-03 N/A
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
CVE-2005-4733 1 Netbsd 1 Netbsd 2025-04-03 N/A
NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.
CVE-2005-4735 1 Ibm 1 Db2 Universal Database 2025-04-03 N/A
IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.
CVE-2005-0708 2 Dragonflybsd, Freebsd 2 Dragonflybsd, Freebsd 2025-04-03 N/A
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
CVE-2006-1081 1 Jonathan Beckett 1 Pluggedout Nexus 2025-04-03 N/A
SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter.
CVE-2005-4741 1 Netbsd 1 Netbsd 2025-04-03 N/A
NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.
CVE-2006-1083 1 Php-stats 1 Php-stats 2025-04-03 N/A
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3) possibly other parameters, to (a) admin.php and (b) other unspecified scripts. NOTE: the admin.php/option[language] vector can be used by remote unauthenticated attackers to include arbitrary files in conjunction with CVE-2006-1085.
CVE-2005-0865 1 Securecomputing 1 Samsung Adsl Modem 2025-04-03 N/A
Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.
CVE-2005-0869 1 Phpsysinfo 1 Phpsysinfo 2025-04-03 N/A
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
CVE-2002-0529 1 Hp 1 Photosmart Print Driver 2025-04-03 N/A
HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.