Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2885 1 Maxdev 1 Md-pro 2025-04-03 N/A
The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files.
CVE-2006-2725 1 Epic Designs 1 Eggblog 2025-04-03 N/A
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2732 1 Mini-nuke 1 Mini-nuke 2025-04-03 N/A
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
CVE-2006-3690 1 Minibb 1 Forum 2025-04-03 N/A
Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum 1.5a and earlier allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to (1) components/com_minibb.php or (2) components/minibb/index.php.
CVE-2004-1823 1 Jelsoft 1 Vbulletin 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php.
CVE-2006-3736 1 Mambo 1 Videodb 2025-04-03 N/A
PHP remote file inclusion vulnerability in core/videodb.class.xml.php in the VideoDB component for Mambo 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2004-0362 1 Iss 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more 2025-04-03 N/A
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm.
CVE-2002-0732 1 Levcgi.com 1 Myguestbook 2025-04-03 N/A
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.
CVE-2004-0842 2 Avaya, Microsoft 7 Definity One Media Server, Ip600 Media Servers, Modular Messaging Message Storage Server and 4 more 2025-04-03 N/A
Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "<STYLE>@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
CVE-2004-0844 1 Microsoft 1 Ie 2025-04-03 N/A
Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows remote attackers to alter displayed address bars and spoof web pages via a URL containing special characters, facilitating phishing attacks, aka the "Address Bar Spoofing on Double Byte Character Set Systems Vulnerability."
CVE-2006-0870 1 Mini-nuke 1 Mini-nuke Cms 2025-04-03 N/A
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
CVE-2006-1322 1 Novell 2 Netware, Netware Ftp Server 2025-04-03 N/A
Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.
CVE-2006-3993 1 Tsep 1 Tsep 2025-04-03 N/A
PHP remote file inclusion vulnerability in copyright.php in Olaf Noehring The Search Engine Project (TSEP) 0.942 allows remote attackers to execute arbitrary PHP code via a URL in the tsep_config[absPath] parameter.
CVE-1999-0384 1 Microsoft 6 Office, Outlook, Project and 3 more 2025-04-03 N/A
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
CVE-1999-0504 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
A Windows NT local user or administrator account has a default, null, blank, or missing password.
CVE-1999-0511 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
IP forwarding is enabled on a machine which is not a router or firewall.
CVE-1999-0519 1 Microsoft 4 Outlook, Windows 2000, Windows 95 and 1 more 2025-04-03 N/A
A NETBIOS/SMB share password is the default, null, or missing.
CVE-1999-0535 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
A Windows NT account policy for passwords has inappropriate, security-critical settings, e.g. for password length, password age, or uniqueness.
CVE-1999-0715 1 Microsoft 2 Windows 2000, Windows Nt 2025-04-03 N/A
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
CVE-1999-0795 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.