Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4454 1 Hlstats 1 Hlstats 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-4462 1 Gonafish.com 1 Linkscaffe 2025-04-03 N/A
Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to administrator functions, which allows remote attackers to gain full administration rights via a direct request to Admin/admin1953.php.
CVE-2005-1748 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2025-04-03 N/A
The embedded LDAP server in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 5, allows remote anonymous binds, which may allow remote attackers to view user entries or cause a denial of service.
CVE-2006-4473 1 Joomla 1 Joomla 2025-04-03 N/A
Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks.
CVE-2006-4474 1 Joomla 1 Joomla 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search.
CVE-2001-1538 1 Speedxess 1 Ha-120 Dsl Router 2025-04-03 N/A
SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.
CVE-2005-1766 2 Realnetworks, Redhat 3 Realplayer, Enterprise Linux, Rhel Extras 2025-04-03 N/A
Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file.
CVE-2005-2612 1 Wordpress 1 Wordpress 2025-04-03 N/A
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-2613 1 Cpaint 1 Cpaint 2025-04-03 N/A
Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.
CVE-2005-0014 1 Ncpfs 1 Ncpfs 2025-04-03 N/A
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.
CVE-2000-0999 1 Openbsd 1 Openssh 2025-04-03 N/A
Format string vulnerabilities in OpenBSD ssh program (and possibly other BSD-based operating systems) allow attackers to gain root privileges.
CVE-2000-1079 1 Microsoft 4 Windows 2000, Windows 95, Windows 98 and 1 more 2025-04-03 N/A
Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
CVE-2000-1111 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
CVE-2005-2512 1 Apple 2 Mac Os X, Mail 2025-04-03 N/A
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
CVE-2004-2667 1 Ibm 1 Lotus Domino 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2001-0014 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
CVE-2001-0015 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
CVE-2001-0238 1 Microsoft 6 Windows 2000, Windows 95, Windows 98 and 3 more 2025-04-03 N/A
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
CVE-2001-0349 1 Microsoft 1 Windows 2000 2025-04-03 N/A
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
CVE-2001-1552 1 Microsoft 1 Windows Me 2025-04-03 N/A
ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message. NOTE: multiple replies to the original post state that the problem could not be reproduced.