Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1168 1 Iss 1 Internet Security Scanner 2026-04-16 N/A
install.iss installation script for Internet Security Scanner (ISS) for Linux, version 5.3, allows local users to change the permissions of arbitrary files via a symlink attack on a temporary file.
CVE-2004-2084 1 Jshop E-commerce 2 Jshop Professional, Jshop Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
CVE-1999-1170 2 Ipswitch, Progress 2 Imail, Ws Ftp Server 2026-04-16 N/A
IPswitch IMail allows local users to gain additional privileges and modify or add mail accounts by setting the "flags" registry key to 1920.
CVE-2006-2159 1 Russcom Network 1 Loginphp 2026-04-16 N/A
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.
CVE-2006-2183 1 Truecrypt Foundation 1 Truecrypt 2026-04-16 N/A
Untrusted search path vulnerability in Truecrypt 4.1, when running suid root on Linux, allows local users to execute arbitrary commands and gain privileges via a modified PATH environment variable that references a malicious mount command.
CVE-2002-1575 1 Mit 1 Cgiemail 2026-04-16 N/A
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
CVE-2006-4263 1 Product Scroller Module 1 Product Scroller Module 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in the Product Scroller Module and other modules in mambo-phpshop (com_phpshop) for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) mod_phpshop.php, (2) mod_phpshop_allinone.php, (3) mod_phpshop_cart.php, (4) mod_phpshop_featureprod.php, (5) mod_phpshop_latestprod.php, (6) mod_product_categories.php, (7) mod_productscroller.php, and (8) mosproductsnap.php.
CVE-2006-4265 1 Kaspersky Lab 1 Kaspersky Anti-hacker 2026-04-16 N/A
Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode.
CVE-2005-0206 15 Ascii, Cstex, Debian and 12 more 22 Ptex, Cstetex, Debian Linux and 19 more 2026-04-16 N/A
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2005-0208 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.
CVE-2006-4266 1 Symantec 1 Norton Personal Firewall 2026-04-16 N/A
Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this.
CVE-2006-2184 1 Chadha Software Technologies 1 Phpkb Knowledge Base 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the mentioned issues and now the search section of PHPKB script is free from any XSS issues."
CVE-2005-0212 1 Amp 1 Amp Ii 3d Game Engine 2026-04-16 N/A
The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet.
CVE-2006-4269 2 Joomla, Mambo 2 X-shop Component, X-shop Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package
CVE-2003-1234 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow in the f_count counter in FreeBSD before 4.2 through 5.0 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via multiple calls to (1) fpathconf and (2) lseek, which do not properly decrement f_count through a call to fdrop.
CVE-2005-0234 1 Apple 1 Safari 2026-04-16 N/A
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2000-0420 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The default configuration of SYSKEY in Windows 2000 stores the startup key in the registry, which could allow an attacker tor ecover it and use it to decrypt Encrypted File System (EFS) data.
CVE-2005-0237 2 Kde, Redhat 3 Kde, Konqueror, Enterprise Linux 2026-04-16 N/A
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-0238 4 Gnome, Mozilla, Omnigroup and 1 more 5 Epiphany, Camino, Mozilla and 2 more 2026-04-16 N/A
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2006-4272 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level.