Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1207 1 Network General 1 Netxray 2026-04-16 N/A
Buffer overflow in web-admin tool in NetXRay 2.6 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request.
CVE-2006-1339 1 Cutephp 1 Cutenews 2026-04-16 N/A
Directory traversal vulnerability in inc/functions.inc.php in CuteNews 1.4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the archive parameter in an HTTP POST or COOKIE request, which bypasses a sanity check that is only applied to a GET request.
CVE-2006-1343 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.
CVE-2006-1372 1 Benson It Solutions 1 1webcalendar 2026-04-16 N/A
Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) EventID parameter in viewEvent.cfm, (2) NewsID parameter in newsView.cfm, or (3) ThisDate parameter in mainCal.cfm.
CVE-2003-0329 1 Aclogic 1 Cesarftp 2026-04-16 N/A
CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges.
CVE-2006-1376 1 Debian 1 Debian Linux 2026-04-16 N/A
The installation of Debian GNU/Linux 3.1r1 from the network install CD creates /var/log/debian-installer/cdebconf with world writable permissions, which allows local users to cause a denial of service (disk consumption).
CVE-2006-1383 1 Pablo Software Solutions 1 Baby Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 allows remote authenticated users to determine existence of files outside the intended document root via unspecified manipulations, which generate different error messages depending on whether a file exists or not.
CVE-2006-1394 1 University Of Washington 1 Pubcookie 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft IIS ISAPI filter (aka application server module) in University of Washington Pubcookie 3.1.0, 3.1.1, 3.2 before 3.2.1b, and 3.3 before 3.3.0a allow remote attackers to inject arbitrary web script or HTML via unspecified attack vectors.
CVE-2006-1400 1 Metisware 1 Instructor 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MyTasks/PersonalTaskEdit.asp in Metisware Instructor 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Task parameter.
CVE-2006-1401 1 Php Lite 1 Calendar Express 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2003-0343 1 Selom Ofori 1 Blackmoon Ftp Server 2026-04-16 N/A
BlackMoon FTP Server 2.6 Free Edition, and possibly other distributions and versions, generates an "Account does not exist" error message when an invalid username is entered, which makes it easier for remote attackers to conduct brute force attacks.
CVE-2006-3128 1 Easy-cms 1 Easy-cms 2026-04-16 N/A
choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories directory.
CVE-2006-1402 1 Csdoom 1 Csdoom 2026-04-16 N/A
Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function.
CVE-2006-3134 1 Gracenote 1 Cddbcontrol Activex Control 2026-04-16 N/A
Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by multiple products that use Gracenote CDDB, allows remote attackers to execute arbitrary code via a long option string.
CVE-2006-1403 1 Csdoom 1 Csdoom 2005 2026-04-16 N/A
Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings passed to the console.
CVE-2003-0360 1 Debian 1 Debian Linux 2026-04-16 N/A
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2006-1406 1 Uniforum 1 Uniforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.
CVE-2006-1410 1 Xigla 1 Absolute Live Support Xe 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.
CVE-2003-0366 1 Lysator 1 Lyskom-server 2026-04-16 N/A
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.
CVE-1999-0537 2 Microsoft, Netscape 2 Internet Explorer, Communicator 2026-04-16 N/A
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc.