Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1568 1 Redcms 1 Redcms 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
CVE-2001-1002 1 Redhat 1 Linux 2025-04-03 N/A
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
CVE-2001-1020 1 Vibechild 1 Directory Manager 2025-04-03 N/A
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
CVE-2006-1577 1 Mantis 1 Mantis 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters.
CVE-2001-1037 1 Cisco 1 Sn 5420 Storage Router Firmware 2025-04-03 N/A
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.
CVE-2001-1038 1 Cisco 1 Sn 5420 Storage Router Firmware 2025-04-03 N/A
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
CVE-2001-1212 1 Aktivate 1 Aktivate 2025-04-03 N/A
Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 allows remote attackers to execute arbitrary Javascript via the desc parameter.
CVE-2001-1283 1 Ipswitch 1 Imail 2025-04-03 N/A
The webmail interface for Ipswitch IMail 7.04 and earlier allows remote authenticated users to cause a denial of service (crash) via a mailbox name that contains a large number of . (dot) or other characters to programs such as (1) readmail.cgi or (2) printmail.cgi, possibly due to a buffer overflow that may allow execution of arbitrary code.
CVE-2001-1343 1 Cgicentral 2 Webstore 400, Webstore 400cs 2025-04-03 N/A
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
CVE-2006-1585 1 3dsrc 1 Monalbum 2025-04-03 N/A
Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b) image_agrandir.php.
CVE-2002-0611 1 Craig Patchett 1 Fileseek 2025-04-03 N/A
Directory traversal vulnerability in FileSeek.cgi allows remote attackers to read arbitrary files via a ....// (modified dot dot) in the (1) head or (2) foot parameters, which are not properly filtered.
CVE-2006-1603 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1604 1 Exponent 1 Exponent Cms 2025-04-03 N/A
Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."
CVE-2004-0908 2 Mozilla, Redhat 3 Mozilla, Thunderbird, Enterprise Linux 2025-04-03 N/A
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
CVE-2006-1654 1 Hp 9 Color Laserjet, Color Laserjet 2500, Color Laserjet 2500 Toolbox and 6 more 2025-04-03 N/A
Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
CVE-2005-2710 2 Realnetworks, Redhat 4 Helix Player, Realplayer, Enterprise Linux and 1 more 2025-04-03 N/A
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
CVE-2006-3986 1 Knusperleicht 1 Newsletter 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.
CVE-2006-3987 1 Knusperleicht 1 Knusperleicht Filemanager 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in index.php in Knusperleicht FileManager 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) dwl_download_path or (2) dwl_include_path parameters.
CVE-2006-3989 1 Knusperleicht 1 Shoutbox 2025-04-03 N/A
PHP remote file inclusion vulnerability in index.php in Knusperleicht Shoutbox 4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the sb_include_path parameter.
CVE-2006-4012 1 Savewebportal 1 Savewebportal 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb Portal 3.4 allow remote attackers to execute arbitrary PHP code via a URL in the SITE_Path parameter to (1) poll/poll.php or (2) poll/view_polls.php. NOTE: the menu_dx.php vector is already covered by CVE-2005-2687.