Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2904 1 Particle Soft 1 Particle Links 2025-04-03 N/A
SQL injection vulnerability in index.php in Partial Links 1.2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2000-0981 1 Oracle 1 Mysql 2025-04-03 N/A
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
CVE-2006-3475 1 Free Qboard 1 Free Qboard 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) features.php or (7) history.php, a different set of vectors than CVE-2006-2998.
CVE-2006-2933 2 Kde, Redhat 3 Kde, Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat Enterprise Linux (RHEL) 3 does not properly terminate, which can prevent the screensaver from activating or prevent users from manually locking the desktop.
CVE-2006-4451 1 Cj Design 1 Cj Tag Board 2025-04-03 N/A
Direct static code injection vulnerability in CJ Tag Board 3.0 allows remote attackers to execute arbitrary PHP code via the (1) User-Agent HTTP header in tag.php, which is executed by all.php, and (2) the banned parameter in admin_index.php.
CVE-2006-3325 1 Id Software 1 Quake 3 Engine 2025-04-03 N/A
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
CVE-2000-0943 1 Max-wilhelm Bruker 1 Bftpd 2025-04-03 N/A
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.
CVE-2006-2194 1 Point-to-point Protocol Project 1 Point-to-point Protocol 2025-04-03 N/A
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
CVE-2006-2195 1 Horde 1 Horde 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php.
CVE-2005-2696 1 Ibm 1 Lotus Notes 2025-04-03 N/A
IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.
CVE-2005-2204 1 Broadcom 1 Etrust Siteminder 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
CVE-2005-2090 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2025-04-03 N/A
Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2006-2221 2 Bitrock, Process-one 2 Install Builder, Ejabberd 2025-04-03 N/A
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer.
CVE-2006-2225 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2025-04-03 N/A
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
CVE-2006-2277 1 Apple 1 Mac Os X 2025-04-03 N/A
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
CVE-2006-2279 1 Arabless 1 Saphplesson 2025-04-03 N/A
Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php, and the (2) LID and (3) Rate parameters in (b) misc.php.
CVE-2006-2280 1 Openengine 1 Openengine 2025-04-03 N/A
Directory traversal vulnerability in website.php in openEngine 1.8 Beta 2 and earlier allows remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2006-3326 1 Joesph Leung 1 Quickzip 2025-04-03 N/A
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2330 1 Php Fusion 1 Php Fusion 2025-04-03 N/A
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
CVE-2006-2333 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 N/A
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.