Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4071 1 Microsoft 2 Windows 2003 Server, Windows Xp 2025-04-03 N/A
Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
CVE-2006-4527 1 Devellion 1 Cubecart 2025-04-03 N/A
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
CVE-2006-4528 1 Membrepass 1 Membrepass 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.
CVE-2004-1857 1 Hp 1 Web Jetadmin 2025-04-03 N/A
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
CVE-2004-2184 1 Digicraft Software 1 Yak 2025-04-03 N/A
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
CVE-1999-1587 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option.
CVE-2002-0572 3 Freebsd, Openbsd, Sun 4 Freebsd, Openbsd, Solaris and 1 more 2025-04-03 N/A
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
CVE-2002-1446 1 Ncipher 1 Pkcs 11 Library 2025-04-03 N/A
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
CVE-2006-4143 1 Netgear 1 Fvg318 2025-04-03 N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-1999-0138 7 Apple, Digital, Freebsd and 4 more 9 A Ux, Osf 1, Freebsd and 6 more 2025-04-03 N/A
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
CVE-2005-0873 1 Oracle 1 10g Reports Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
CVE-2005-0874 1 Cerulean Studios 1 Trillian 2025-04-03 N/A
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVE-2005-1738 1 Iron Bars Shell 1 Iron Bars Shell 2025-04-03 N/A
Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call.
CVE-2005-0875 1 Cerulean Studios 1 Trillian 2025-04-03 N/A
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVE-2005-1741 1 Gearbox Software 1 Halo Combat Evolved 2025-04-03 N/A
Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data.
CVE-2005-0876 1 Dnsmasq 1 Dnsmasq 2025-04-03 N/A
Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.
CVE-2005-0879 1 Vortex Portal 1 Vortex Portal 2025-04-03 N/A
PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter.
CVE-1999-0165 3 Bsdi, Linux, Sun 5 Bsd Os, Linux Kernel, Nfs and 2 more 2025-04-03 N/A
NFS cache poisoning.
CVE-2005-0711 3 Mysql, Oracle, Redhat 4 Mysql, Mysql, Enterprise Linux and 1 more 2025-04-03 N/A
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
CVE-2005-1745 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2025-04-03 N/A
The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack 3 prints the password to standard output when an incorrect login attempt is made, which could make it easier for attackers to guess the correct password.