Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1490 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-16 N/A
PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back to the client, aka a "binary safety" issue. NOTE: this issue has been referred to as a "memory leak," but it is an information leak that discloses memory contents.
CVE-2006-3235 1 Looknet 1 Fineshop 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in FineShop 3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) promocja, (2) wysw, or (3) id_produc parameters.
CVE-2006-1497 1 Vihor 1 Vihordesign 2026-04-16 N/A
Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter.
CVE-1999-0562 1 Microsoft 2 Windows 2000, Windows Nt 2026-04-16 N/A
The registry in Windows NT can be accessed remotely by users who are not administrators.
CVE-2006-1505 1 Basic Analysis And Security Engine 1 Base 2026-04-16 N/A
base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes".
CVE-2006-1506 1 Sun 2 Grid Engine, N1 Grid Engine 2026-04-16 N/A
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
CVE-2006-3253 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in member.php in vBulletin 3.5.x allows remote attackers to inject arbitrary web script or HTML via the u parameter. NOTE: the vendor has disputed this report, stating that they have been unable to replicate the issue and that "the userid parameter is run through our filtering system as an unsigned integer.
CVE-2006-3254 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in newthread.php in Woltlab Burning Board (WBB) 2.0 RC2 allows remote attackers to execute arbitrary SQL commands via the boardid parameter.
CVE-2004-0752 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-16 N/A
OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
CVE-2003-0407 1 Gnome 1 Batalla Naval 2026-04-16 N/A
Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remote attackers to execute arbitrary code via a long connection string.
CVE-2006-3734 1 Cisco 1 Cs-mars 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.
CVE-2000-0005 1 Hp 3 9000, Aserver, Hp-ux 2026-04-16 N/A
HP-UX aserver program allows local users to gain privileges via a symlink attack.
CVE-2003-0413 1 Sun 1 One Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the webapps-simple sample application for (1) Sun ONE Application Server 7.0 for Windows 2000/XP or (2) Sun Java System Web Server 6.1 allows remote attackers to insert arbitrary web script or HTML via an HTTP request that generates an "Invalid JSP file" error, which inserts the text in the resulting error message.
CVE-2006-3262 1 Mambo 1 Mambo 2026-04-16 N/A
SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter.
CVE-2006-1508 1 Mh Software 1 Connect Daily 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MH Software Connect Daily Web Calendar Software 3.2.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) calendar_id, (2) style_sheet, and (3) start parameters in (a) ViewDay.html; the (4) txtSearch and (5) opgSearch parameters in (b) ViewSearch.html; the (6) calendar_id and (7) approved parameters in (c) ViewYear.html; the (8) item_type_id parameter in (d) ViewCal.html; and the (9) week parameter in (e) ViewWeek.html.
CVE-2003-0430 2 Ethereal Group, Redhat 3 Ethereal, Enterprise Linux, Linux 2026-04-16 N/A
The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote attackers to cause a denial of service (crash) via an invalid ASN.1 value.
CVE-2006-3473 1 Drupal 1 Form Mail Module 2026-04-16 N/A
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.
CVE-2006-1628 1 Adobe 1 Livecycle Form Manager 2026-04-16 N/A
Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows users to authenticate and perform privileged actions when their account is marked "OBSOLETE" but the account is also active, within the authentication system.
CVE-1999-0627 1 Ibm 1 Aix 2026-04-16 N/A
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.
CVE-2003-0437 1 Mnogosearch 1 Mnogosearch 2026-04-16 N/A
Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote attackers to execute arbitrary code via a long tmplt parameter.