Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0835 1 Mitridat 1 Web Calendar Pro 2026-04-16 N/A
SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter.
CVE-2003-1507 1 Planet Technology Corp 2 Wgsd-1020, Wsw-2401 2026-04-16 N/A
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
CVE-2006-0836 1 Mozilla 1 Thunderbird 2026-04-16 N/A
Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field.
CVE-2005-0626 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
CVE-2003-1510 1 Rit Research Labs 1 Tinyweb 2026-04-16 N/A
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
CVE-2006-2264 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0633 1 Cerulean Studios 2 Trillian, Trillian Pro 2026-04-16 N/A
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
CVE-2006-2748 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2005-1482 1 Interspire 1 Articlelive 2026-04-16 N/A
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
CVE-2003-1516 1 Sun 1 Java Plug-in 2026-04-16 N/A
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
CVE-2005-0636 1 Foxmail 1 Foxmail Email Server 2026-04-16 N/A
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
CVE-2006-0858 1 Starforce 1 Safe N Sec Personal \+ Anti-spyware 2026-04-16 N/A
Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.
CVE-2006-2067 1 Mkportal 1 Mkportal 2026-04-16 N/A
SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, as used with vBulletin 3.5.4 and earlier, allows remote attackers to execute arbitrary SQL commands via the userid parameter.
CVE-1999-0147 1 University Of Arizona 2 Glimpse Http, Webglimpse 2026-04-16 N/A
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.
CVE-2005-0638 4 Altlinux, Redhat, Suse and 1 more 4 Alt Linux, Enterprise Linux, Suse Linux and 1 more 2026-04-16 N/A
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
CVE-2002-0380 2 Lbl, Redhat 3 Tcpdump, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
CVE-1999-0148 1 Sgi 1 Irix 2026-04-16 N/A
The handler CGI program in IRIX allows arbitrary command execution.
CVE-2004-1380 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (background) tabs to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows and facilitate phishing attacks, aka the "Dialog Box Spoofing Vulnerability."
CVE-2006-2751 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php.