Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3866 1 Wwwsearchsolutions 1 Searchfeed Search Engine 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
CVE-2002-0986 2 Php, Redhat 5 Php, Enterprise Linux, Linux and 2 more 2025-04-03 N/A
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
CVE-2002-0840 3 Apache, Oracle, Redhat 9 Http Server, Application Server, Database Server and 6 more 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
CVE-2005-4243 1 Quickpaypro 1 Quickpaypro 2025-04-03 N/A
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
CVE-2005-3486 1 Scorched 3d 1 Scorched 3d 2025-04-03 N/A
Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.
CVE-2005-3893 1 Otrs 1 Otrs 2025-04-03 N/A
Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user parameter in the Login action, and remote authenticated users via the (2) TicketID and (3) ArticleID parameters of the AgentTicketPlain action.
CVE-2005-4252 1 Mcgallery 1 Mcgallery Pro 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters.
CVE-2006-2986 1 Baby Katie Media 2 Very Simple Car Lister, Very Simple Realty Lister 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) lid parameter in index.php and the (2) title parameter in myslideshow.php.
CVE-2002-0863 1 Microsoft 5 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 2 more 2025-04-03 N/A
Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
CVE-2006-4364 1 Alt-n 1 Mdaemon 2025-04-03 N/A
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
CVE-2002-0864 1 Microsoft 4 .net Windows Server, Windows 2000, Windows 2000 Terminal Services and 1 more 2025-04-03 N/A
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
CVE-2005-4255 1 Wikkawiki 1 Wikkawiki 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
CVE-2002-1260 1 Microsoft 8 Windows 2000, Windows 2000 Terminal Services, Windows 95 and 5 more 2025-04-03 N/A
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
CVE-2005-4260 1 Francisco Burzi 1 Php-nuke 2025-04-03 N/A
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
CVE-2002-1323 5 Redhat, Safe.pm, Sco and 2 more 10 Enterprise Linux, Linux, Linux Advanced Workstation and 7 more 2025-04-03 N/A
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
CVE-2002-1694 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 N/A
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
CVE-2002-1712 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
CVE-2005-4266 1 Alt-n 2 Mdaemon, Worldclient 2025-04-03 N/A
WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value.
CVE-2005-4297 1 Bbboard 1 Bbboard 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.
CVE-2005-4299 1 Atlantpro.com 1 Atlant Pro 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.