Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0638 3 Hp, Mandrakesoft, Redhat 6 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 3 more 2025-04-03 N/A
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVE-2006-1157 1 Adp 1 Adp Forum 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php.
CVE-2004-2562 1 Leigh Business Enterprises 1 Web Helpdesk 2025-04-03 N/A
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-2269 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing").
CVE-2006-1159 1 Efs Software 1 Efs Web Server 2025-04-03 N/A
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.
CVE-2005-2449 1 Sandbox 1 Sandbox 2025-04-03 N/A
Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.
CVE-2005-2451 1 Cisco 2 Ios, Ios Xr 2025-04-03 N/A
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
CVE-2006-0449 1 E-post Corporation 2 Mail Server, Spa-pro Mail Atsolomon 2025-04-03 N/A
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.
CVE-2002-0648 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
CVE-2006-0452 1 Redhat 2 Directory Server, Fedora Core 2025-04-03 N/A
dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.
CVE-2005-2457 1 Linux 1 Linux Kernel 2025-04-03 N/A
The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.
CVE-2005-2460 1 Kayako 1 Liveresponse 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.
CVE-2005-2461 1 Kayako 1 Liveresponse 2025-04-03 N/A
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
CVE-2006-0453 1 Redhat 2 Directory Server, Fedora Core 2025-04-03 N/A
The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.
CVE-2005-2559 1 E107 1 E107 2025-04-03 N/A
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
CVE-2006-0493 1 Thomas Rybak 1 Mg2 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in MG2 (formerly known as Minigal) 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field in a comment associated with a picture.
CVE-2006-0494 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 N/A
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter.
CVE-2006-0495 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).
CVE-2006-0503 1 Mailenable 1 Mailenable Professional 2025-04-03 N/A
IMAP service in MailEnable Professional Edition before 1.72 allows remote attackers to cause a denial of service (service crash) via unspecified vectors involving the EXAMINE command.
CVE-2005-2561 1 Myfaq 1 Myfaq 2025-04-03 N/A
Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.