Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2498 1 Invision Power Services 1 Invision Power Board 2025-04-03 N/A
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
CVE-2006-0099 1 Valdersoft 1 Valdersoft Shopping Cart 2025-04-03 N/A
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
CVE-2006-2542 1 Ti Kan 1 Xmcd 2025-04-03 N/A
xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption).
CVE-2006-0821 1 Bxcp 1 Bxcp 2025-04-03 N/A
SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter.
CVE-2006-1198 1 Comvigo 1 Im Lock 2025-04-03 N/A
Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.
CVE-2006-1234 1 Dsportal 1 Dscounter 2025-04-03 N/A
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header.
CVE-2001-0296 1 Texas Imperial Software 1 Wftpd Pro 2025-04-03 N/A
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
CVE-2002-0766 1 Openbsd 1 Openbsd 2025-04-03 N/A
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
CVE-2002-0767 1 Richard Gooch 1 Simpleinit 2025-04-03 N/A
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
CVE-2002-0770 1 Id Software 1 Quake 2i Server 2025-04-03 N/A
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
CVE-2002-0782 1 Novell 1 Bordermanager 2025-04-03 N/A
Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.
CVE-2006-2688 1 Achievo 1 Achievo 2025-04-03 N/A
SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter.
CVE-2006-2746 1 Facile Interactive Web 1 Facile Interactive Web 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVE-2006-2763 1 Pre Projects 1 Pre News Manager 2025-04-03 N/A
SQL injection vulnerability in Pre News Manager 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) index.php, and the (2) nid parameter to (b) news_detail.php, (c) email_story.php, (d) thankyou.php, (e) printable_view.php, (f) tella_friend.php, and (g) send_comments.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this is primary to CVE-2006-2678.
CVE-2006-2771 1 Hogstorps 1 Hogstorp Guestbook 2025-04-03 N/A
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
CVE-2006-2261 1 Acal 1 Acal 2025-04-03 N/A
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-2915 1 Deluxebb 1 Deluxebb 2025-04-03 N/A
Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) hideemail, (2) languagex, (3) xthetimeoffset, and (4) xthetimeformat parameters during account registration.
CVE-2002-0468 2 Ecartis, Listar 2 Ecartis, Listar 2025-04-03 N/A
Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.
CVE-2002-2048 1 Michael Baumer 1 Pfinger 2025-04-03 N/A
Buffer overflow in PFinger 0.7.8 client allows remote attackers to execute arbitrary code via a long query value passed to the (1) finger program, (2) -l, (3) -d, and (4) -t options. NOTE: if PFinger is not setuid or setgid, then this issue would not cross privilege boundaries and would not be considered a vulnerability.
CVE-2002-2140 1 Cisco 1 Pix Firewall Software 2025-04-03 N/A
Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.