Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1295 2 Redhat, Suse 2 Enterprise Linux, Suse Linux 2026-04-16 N/A
Unspecified vulnerability in xscreensaver 4.12, and possibly other versions, allows attackers to cause xscreensaver to crash via unspecified vectors "while verifying the user-password."
CVE-2006-2675 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters.
CVE-2003-1299 1 Pablo Software Solutions 1 Baby Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Baby FTP Server 1.2, and possibly other versions before May 31, 2003 allows remote authenticated users to list arbitrary directories and possibly read files via "..." (triple dot) manipulations to the CWD command.
CVE-2003-1301 1 Sun 1 Jre 2026-04-16 N/A
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
CVE-2003-1302 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-16 N/A
The IMAP functionality in PHP before 4.3.1 allows remote attackers to cause a denial of service via an e-mail message with a (1) To or (2) From header with an address that contains a large number of "\" (backslash) characters.
CVE-2003-1305 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to cause a denial of service (resource consumption) via a Javascript src attribute that recursively loads the current web page.
CVE-2003-1307 1 Apache 1 Http Server 2026-04-16 N/A
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incoming connections on the server's TCP port. NOTE: the PHP developer has disputed this vulnerability, saying "The opened file descriptors are opened by Apache. It is the job of Apache to protect them ... Not a bug in PHP.
CVE-2003-1311 1 Netegrity 1 Siteminder 2026-04-16 N/A
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensure that the TARGET parameter names a valid redirection resource, which allows remote attackers to construct a URL that might trick users into visiting an arbitrary web site referenced by this parameter.
CVE-2006-2676 1 Sitescape 1 Sitescape Forum 2026-04-16 N/A
Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames.
CVE-2003-1314 1 Eternalmart 1 Eternalmart Guestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/auth.php in EternalMart Guestbook (EMGB) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the emgb_admin_path parameter.
CVE-2003-1316 1 Endonesia 1 Endonesia 2026-04-16 N/A
mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive information via a ' (quote) value in the lng parameter, which reveals the path in an error message. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2003-1319 1 Smartftp 1 Smartftp 2026-04-16 N/A
Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.
CVE-2006-2711 1 Secure Elements 1 Class 5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and possibly later 2.8.x releases, uses the same initialization vector and key for each message session, which allows remote attackers to obtain potentially sensitive information about messages.
CVE-2006-2718 1 Jiwa 1 Financials 2026-04-16 N/A
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
CVE-2006-2724 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
CVE-2006-2725 1 Epic Designs 1 Eggblog 2026-04-16 N/A
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-1999-1169 1 Flavio Veloso 1 Nobo 2026-04-16 N/A
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
CVE-2006-2727 1 Epic Designs 1 Eggblog 2026-04-16 N/A
home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
CVE-2004-0190 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2026-04-16 N/A
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
CVE-2006-2728 1 Jan Chmelik 1 Photoalbum Bandw 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.