Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1692 1 Xine 1 Gxine 2025-04-03 N/A
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.
CVE-2006-0216 1 Qualityebiz 1 Quality Ppc 2025-04-03 N/A
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.
CVE-2006-0221 1 Ddsn 1 Cm3cms 2025-04-03 N/A
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
CVE-2005-1693 3 Broadcom, Ca, Zonelabs 14 Etrust Antivirus, Etrust Antivirus Ee, Etrust Ez Armor and 11 more 2025-04-03 N/A
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
CVE-2001-1436 1 Dallas Semiconductor 1 Ibutton 2025-04-03 N/A
Dallas Semiconductor iButton DS1991 returns predictable values when given an incorrect password, which makes it easier for users with physical access to conduct dictionary attacks against the device password.
CVE-2005-1694 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
CVE-2002-1640 1 Oracle 1 Configurator 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote attackers to inject arbitrary web script or HTML via (1) Text Features in the DHTML UI or (2) the test parameter to the oracle.apps.cz.servlet.UiServlet servlet.
CVE-2005-1699 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter.
CVE-2006-0222 1 Alstrasoft 1 Template Seller 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
CVE-2005-1715 1 Ej3 1 Topo 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section.
CVE-2005-1726 1 Apple 1 Mac Os X 2025-04-03 N/A
The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."
CVE-2006-0227 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
CVE-2006-1393 1 University Of Washington 1 Pubcookie 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the mod_pubcookie Apache application server module in University of Washington Pubcookie 1.x, 3.0.0, 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
CVE-2006-0245 1 Devellion 1 Cubecart 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.7-pl1 allow remote attackers to inject arbitrary web script or HTML via the (3) redir, (4) productId, (5) docId, (6) act, and (7) catId parameters in index.php; and the (8) username field in a login action in index.php. NOTE: the cart.php/redir and index.php/searchStr vectors are already covered by CVE-2005-3152.
CVE-2003-0277 1 Happycgi 1 Happymall 2025-04-03 N/A
Directory traversal vulnerability in normal_html.cgi in Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the file parameter.
CVE-2001-1220 1 D-link 1 Dwl-1000ap 2025-04-03 N/A
D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point stores the administrative password in plaintext in the default Management Information Base (MIB), which allows remote attackers to gain administrative privileges.
CVE-2006-0247 1 Netbula 1 Anyboard 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula Anyboard 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tK parameter in a find command.
CVE-2005-1817 1 Invision Power Services 1 Invision Board 2025-04-03 N/A
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters.
CVE-2002-0579 1 Workforceroi 1 Xpede 2025-04-03 N/A
WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as an Xpede administrator via a direct HTTP request to the /admin/adminproc.asp script, which does not prompt for a password.
CVE-2005-1819 1 Nikosoft 1 Webmail 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before 0.11.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.