Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1206 1 Pntresmailer 1 Pntresmailer 2025-04-03 N/A
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
CVE-2006-4684 1 Zope 1 Zope 2025-04-03 N/A
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
CVE-2005-1760 1 Redhat 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2025-04-03 N/A
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
CVE-2006-4567 2 Mozilla, Redhat 3 Firefox, Thunderbird, Enterprise Linux 2025-04-03 N/A
Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.
CVE-2006-4570 2 Mozilla, Redhat 3 Seamonkey, Thunderbird, Enterprise Linux 2025-04-03 N/A
Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.
CVE-2006-4837 1 Codeworx Technologies 1 Dcp-portal 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2005-3258 1 Squid 1 Squid 2025-04-03 N/A
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
CVE-2005-4679 1 Microsoft 1 Ie 2025-04-03 N/A
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.
CVE-2006-2861 1 Particle Soft 1 Particle Wiki 2025-04-03 N/A
SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the version parameter.
CVE-2006-2867 1 Coolforum 1 Coolforum 2025-04-03 N/A
SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta and earlier allows remote attackers to execute arbitrary SQL commands via the post parameter.
CVE-2006-3881 1 Musicbox 1 Musicbox 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter in a request for the top-level URI. NOTE: the id parameter in index.php, and the type and show parameters in a top action, are already covered by CVE-2006-1349; and the term parameter in a search action is already covered by CVE-2006-1806.
CVE-2006-3885 1 Checkpoint 1 Firewall-1 2025-04-03 N/A
Directory traversal vulnerability in Check Point Firewall-1 R55W before HFA03 allows remote attackers to read arbitrary files via an encoded .. (dot dot) in the URL on TCP port 18264.
CVE-2006-3902 1 Phpfaber 1 Topsites 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4073 1 Phpcc 1 Phpcc 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.
CVE-2006-4455 1 Xchat 1 Xchat 2025-04-03 N/A
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
CVE-1999-1487 1 Ibm 1 Aix 2025-04-03 N/A
Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system.
CVE-1999-1558 1 Digital 2 Digital Openvms, Digital Openvms Axp 2025-04-03 N/A
Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.
CVE-1999-1580 2 Sendmail, Sun 2 Sendmail, Sunos 2025-04-03 N/A
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option.
CVE-2006-3224 1 Apple 1 Safari 2025-04-03 N/A
Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote attackers to cause a denial of service (CPU consumption) via Javascript with an infinite for loop. NOTE: it could be argued that this is not a vulnerability, unless it interferes with the operation of the system outside of the scope of Safari itself.
CVE-2003-0935 2 Net-snmp, Redhat 3 Net-snmp, Enterprise Linux, Linux 2025-04-03 N/A
Net-SNMP before 5.0.9 allows a user or community to access data in MIB objects, even if that data is not allowed to be viewed.