Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2018 1 Sas 2 Base, Integration Technologies 2025-04-03 N/A
sastcpd in SAS/Base 8.0 might allow local users to gain privileges by setting the netencralg environment variable, which causes a segmentation fault.
CVE-2006-2810 1 Belchior Foundry 1 Vcard 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230.
CVE-2004-0268 1 Evolutionx 1 Evolutionx 2025-04-03 N/A
Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.
CVE-2004-1414 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2025-04-03 N/A
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
CVE-2004-2601 1 Ubertec 1 Help Center Live 2025-04-03 N/A
PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php.
CVE-2005-0597 1 Cisco 1 Application And Content Networking Software 2025-04-03 N/A
Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection."
CVE-2006-2924 1 Ingate 2 Ingate Firewall, Ingate Siparator 2025-04-03 N/A
Ingate Firewall in the SIP module before 4.4.1 and SIParator before 4.4.1, when TLS is enabled or when SSL/TLS is enabled in the web server, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake.
CVE-2002-2034 1 John Hardin 1 Procmail Email Sanitizer 2025-04-03 N/A
The Email Sanitizer before 1.133 for Procmail allows remote attackers to bypass the mail filter and execute arbitrary code via crafted recursive multipart MIME attachments.
CVE-2006-2925 1 Ingate 2 Ingate Firewall, Siparator 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS exploits" in administrator functionality.
CVE-2004-0275 1 Bosdev 1 Bosdates 2025-04-03 N/A
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.
CVE-2006-2930 1 Sun 2 Grid Engine, N1 Grid Engine 2025-04-03 N/A
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
CVE-2006-2931 1 Hotwebscripts 1 Cms Mundo 2025-04-03 N/A
CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, which allows remote attackers to execute arbitrary PHP code by uploading and later directly accessing certain files.
CVE-2006-2942 1 Twiki 1 Twiki 2025-04-03 N/A
TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.
CVE-2002-2035 1 Realityscape 1 Mylogin 2000 2025-04-03 N/A
SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password in the login form.
CVE-2006-2946 1 Dmx Forum 1 Dmx Forum 2025-04-03 N/A
Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information.
CVE-2006-2954 1 Primoris Software 1 Officeflow 2025-04-03 N/A
SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier allows remote attackers to execute arbitrary SQL commands via the Project parameter.
CVE-2006-2955 1 Kaphotoservice 1 Kaphotoservice 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice 7.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) New Category (newcategory) or (2) apage parameter to (a) edtalbum.asp, or the (3) cat or (4) albumid parameter to (b) album.asp.
CVE-2006-2962 1 Oxfam Australia 1 Emergencies Personnel Information System 2025-04-03 N/A
PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter.
CVE-2006-2964 1 Xtreme Scripts 1 Download Manager 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2) manager.php, (3) admin/scripts/category.php, (4) includes/add_allow.php, (5) admin/index.php, and (6) admin/admin/login.php.
CVE-2006-2965 1 Particle Soft 1 Particle Whois 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box."