Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0459 1 Ieee 1 802.11 Wireless Protocol 2025-04-03 N/A
The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data.
CVE-2005-1798 1 Serverscheck 1 Monitoring Software 2025-04-03 N/A
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.
CVE-2006-0604 1 Hinton Design 1 Phphg Guestbook 2025-04-03 N/A
check.php in Hinton Design phphg Guestbook 1.2 does not check the user password when authenticating via cookies, which allows remote attackers to gain unauthorized access.
CVE-2005-4486 1 Quantum Art 1 Qp7 Enterprise 2025-04-03 N/A
SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp
CVE-2006-4544 1 Exbb 1 Exbb 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
CVE-2006-0838 1 Micromuse 1 Netcool Neusecure 2025-04-03 N/A
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues.
CVE-2006-0667 1 Ibm 1 Aix 2025-04-03 N/A
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
CVE-2006-0835 1 Mitridat 1 Web Calendar Pro 2025-04-03 N/A
SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.
CVE-2004-2663 1 Ibm 1 Egatherer 2025-04-03 N/A
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
CVE-2006-2173 1 Filezilla 1 Filezilla Server 2025-04-03 N/A
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
CVE-2006-1349 1 Musicbox 1 Musicbox 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) type and (3) show parameters in a top action in (a) index.php; and the (4) message1 parameter in (b) cart.php.
CVE-2000-0530 2 Caldera, Kde 2 Openlinux, Kde 2025-04-03 N/A
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
CVE-2001-0818 1 Marty Bochane 1 Mdbms 2025-04-03 N/A
A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.
CVE-2006-1350 1 Articlesone 1 99articles Directory 2025-04-03 N/A
PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter.
CVE-2006-1351 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server 6.1 SP7 and earlier allows remote attackers to read arbitrary files via unknown attack vectors related to a "default internal servlet" accessed through HTTP.
CVE-2006-2808 1 Lycos 1 Htmlgear Guestgear 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations.
CVE-2006-3841 1 Owasp 1 Webscarab 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
CVE-2002-1026 1 Macromedia 1 Sitespring 2025-04-03 N/A
Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow.
CVE-2006-0825 1 Xerox 6 Workcentre 232, Workcentre 238, Workcentre 245 and 3 more 2025-04-03 N/A
Multiple unspecified vulnerabilities in ESS/ Network Controller and MicroServer Web Server in Xerox WorkCentre Pro and Xerox WorkCentre running software 13.027.24.015 and 14.027.24.015 allow remote attackers to bypass authentication or gain "unauthorized network access" via unknown attack vectors.
CVE-2006-0819 1 Gnome 1 Dwarf Http Server 2025-04-03 N/A
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.