Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2293 1 Twofold Photos 1 Webshots Desktop 2025-04-03 N/A
Webshots Desktop screensaver allows local users to bypass the password on the screensaver by pressing CTRL-ALT-DELETE and (1) hitting the cancel button or (2) killing the screensaver from the task manager.
CVE-2004-2219 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 N/A
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
CVE-2005-2885 1 Maxdev 1 Md-pro 2025-04-03 N/A
The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.
CVE-2006-2725 1 Epic Designs 1 Eggblog 2025-04-03 N/A
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2732 1 Mini-nuke 1 Mini-nuke 2025-04-03 N/A
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
CVE-2006-3690 1 Minibb 1 Forum 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
CVE-2004-1823 1 Jelsoft 1 Vbulletin 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
CVE-2006-3736 1 Mambo 1 Videodb 2025-04-03 N/A
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-3204 1 Oracle 2 Application Server, Oracle9i 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
CVE-2005-3210 1 Kaspersky Lab 1 Kaspersky Anti-virus 2025-04-03 N/A
Multiple interpretation error in unspecified versions of Kaspersky Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2006-4384 1 Apple 1 Quicktime 2025-04-03 N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
CVE-2005-4497 1 Tangora 1 Tangora Portal Cms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx.
CVE-2006-0013 1 Microsoft 2 Windows 2003 Server, Windows Xp 2025-04-03 N/A
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
CVE-2006-3822 1 Geodesicsolutions 1 Geoauctions Enterprise 2025-04-03 N/A
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.
CVE-2006-4423 1 Bigace 1 Bigace 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.
CVE-2006-4790 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2025-04-03 N/A
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents GnuTLS from correctly verifying X.509 and other certificates that use PKCS, a variant of CVE-2006-4339.
CVE-2004-0362 1 Iss 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more 2025-04-03 N/A
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
CVE-2001-0833 1 Oracle 1 Database Server 2025-04-03 N/A
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
CVE-2002-1022 1 Working Resources Inc. 1 Badblue 2025-04-03 N/A
BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges.
CVE-2005-0002 1 Gentoo 1 Poppassd Pam 2025-04-03 N/A
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.