Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3909 1 Wired Community Software 1 Wwwthreads 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter.
CVE-2006-2702 1 Wordpress 1 Wordpress 2026-04-16 N/A
vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows remote attackers to spoof their IP address via a PC_REMOTE_ADDR HTTP header, which vars.php uses to redefine $_SERVER['REMOTE_ADDR'].
CVE-2006-2707 1 Secure Elements 1 Class 5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not validate the peer certificate when obtaining an update, which could allow remote attackers to distribute malicious updates to clients.
CVE-2006-2708 1 Secure Elements 1 Class 5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows remote attackers to read portions of process memory via a modified size for (1) EM_GET_CE_PARAMETER and (2) EM_SET_CE_PARAMETER messages, which leads to a buffer overflow (probably an over-read).
CVE-2006-2725 1 Epic Designs 1 Eggblog 2026-04-16 N/A
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-1999-1169 1 Flavio Veloso 1 Nobo 2026-04-16 N/A
nobo 1.2 allows remote attackers to cause a denial of service (crash) via a series of large UDP packets.
CVE-2006-2727 1 Epic Designs 1 Eggblog 2026-04-16 N/A
home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
CVE-2004-0190 1 Symantec 3 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r 2026-04-16 N/A
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
CVE-2006-2728 1 Jan Chmelik 1 Photoalbum Bandw 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter.
CVE-2006-2729 1 Jan Chmelik 1 Photoalbum Bandw 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the gal parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2731 1 Enigma Haber 1 Enigma Haber 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) e_mesaj_yas.asp, (b) edi_haber.asp, and (c) haber_devam.asp; (2) hid parameter in (d) yazdir.asp and (e) yorum.asp, and the (3) e parameter in (f) arsiv.asp. NOTE: with administrator credentials, additional vectors exist including (4) yid parameter to (g) admin/y_admin.asp, (5) bid parameter to (h) admin/reklam_detay.asp, hid parameter to (i) admin/detay_yorum.asp and (j) admin/haber_sil.asp, (6) kid parameter to (k) admin/kategori_d.asp, (7) tur parameter to (l) admin/haber_ekle.asp, (8) s parameter to (m) admin/e_mesaj_yaz.asp, and id parameter to (n) admin/admin_sil.asp.
CVE-2006-2732 1 Mini-nuke 1 Mini-nuke 2026-04-16 N/A
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
CVE-2006-2743 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
CVE-2003-1502 1 Snert.com 1 Mod Throttle 2026-04-16 N/A
mod_throttle 3.0 allows local users with Apache privileges to access shared memory that points to a file that is writable by the apache user, which could allow local users to gain privileges.
CVE-2006-2746 1 Facile Interactive Web 1 Facile Interactive Web 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVE-2003-1507 1 Planet Technology Corp 2 Wgsd-1020, Wsw-2401 2026-04-16 N/A
Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a default "superuser" account with the "planet" password, which allows remote attackers to gain administrative access.
CVE-2003-1510 1 Rit Research Labs 1 Tinyweb 2026-04-16 N/A
TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.
CVE-2006-2748 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2003-1516 1 Sun 1 Java Plug-in 2026-04-16 N/A
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.