Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2771 1 Hogstorps 1 Hogstorp Guestbook 2025-04-03 N/A
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
CVE-2006-2261 1 Acal 1 Acal 2025-04-03 N/A
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2005-3407 1 Butterfat 1 Phpesp 2025-04-03 N/A
SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-2943 1 Cgi-rescue 1 Webform 2025-04-03 N/A
Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information.
CVE-2006-2997 1 Zms Publishing 1 Zms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field.
CVE-2006-3006 1 Ifoto 1 Ifoto 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly other versions before 0.50, allows remote attackers to inject arbitrary HTML or web script via a base64-encoded file parameter.
CVE-2006-3010 1 Aliacom 1 Open Business Management 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Open Business Management (OBM) 1.0.3 pl1 allow remote attackers to execute arbitrary SQL commands via the (1) new_order and (2) order_dir parameters to (a) index.php, (b) group/group_index.php, (c) user/user_index.php, (d) list/list_index.php, and (e) company/company_index.php, and the (3) entity and (4) tf_dateafter parameter to company/company_index.php.
CVE-2000-0904 1 Qnx 1 Voyager 2025-04-03 N/A
Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.
CVE-2000-0909 1 University Of Washington 1 Pine 2025-04-03 N/A
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
CVE-1999-0451 1 Linux 1 Linux Kernel 2025-04-03 N/A
Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.
CVE-1999-0454 2025-04-03 N/A
A remote attacker can sometimes identify the operating system of a host based on how it reacts to some IP or ICMP packets, using a tool such as nmap or queso.
CVE-2005-1236 1 Duware 1 Duportal 2025-04-03 N/A
Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.
CVE-1999-0455 1 Allaire 1 Coldfusion Server 2025-04-03 N/A
The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server via exprcalc.cfm, which does not restrict access to the server properly.
CVE-2002-0389 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2025-04-03 N/A
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVE-2000-0913 1 Apache 1 Http Server 2025-04-03 N/A
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
CVE-1999-0463 1 L0pht 1 L0phtcrack 2025-04-03 N/A
Remote attackers can perform a denial of service using IRIX fcagent.
CVE-2001-0210 1 Carey Internet Service 1 Commerce.cgi 2025-04-03 N/A
Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter.
CVE-2001-0217 1 Mnscu Pals 1 Webpals 2025-04-03 N/A
Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter.
CVE-2000-0917 3 Caldera, Redhat, Trustix 6 Openlinux, Openlinux Ebuilder, Openlinux Edesktop and 3 more 2025-04-03 N/A
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
CVE-2002-1823 1 Lonerunner 1 Zeroo Http Server 2025-04-03 N/A
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.