Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2469 1 Bea 1 Weblogic Server 2026-04-16 N/A
The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges.
CVE-2006-2464 1 Bea 1 Weblogic Server 2026-04-16 N/A
stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display.
CVE-2006-2532 1 Greg Donald 1 Destiney Rated Images Script 2026-04-16 N/A
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set.
CVE-2006-2550 1 Perlpodder 1 Perlpodder 2026-04-16 N/A
perlpodder before 0.5 allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast, which are executed when saving the URL to a log file. NOTE: the wget vector is already covered by CVE-2006-2548.
CVE-2006-2548 2 Perlpodder, Prodder 2 Perlpodder, Prodder 2026-04-16 N/A
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
CVE-2006-2522 1 Dayfox Designs 1 Dayfox Blog 2026-04-16 N/A
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
CVE-2006-2564 1 Alstrasoft 1 E-friends 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
CVE-2006-2568 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
CVE-1999-0145 1 Eric Allman 1 Sendmail 2026-04-16 N/A
Sendmail WIZ command enabled, allowing root access.
CVE-2000-0139 1 True North 1 Internet Anywhere Mail Server 2026-04-16 N/A
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
CVE-2000-0393 1 Kde 1 Kde 2026-04-16 N/A
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
CVE-2000-0394 1 Axent 1 Netprowler 2026-04-16 N/A
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
CVE-2000-0584 2 Debian, Freebsd 2 Debian Linux, Freebsd 2026-04-16 N/A
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
CVE-2000-0622 1 Oreilly 1 Website Professional 2026-04-16 N/A
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
CVE-2000-1035 1 Typsoft 1 Typsoft 2026-04-16 N/A
Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
CVE-2001-0072 2 Gnu, Redhat 2 Privacy Guard, Linux 2026-04-16 N/A
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
CVE-2004-0457 2 Oracle, Redhat 2 Mysql, Enterprise Linux 2026-04-16 N/A
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0755 2 Redhat, Yukihiro Matsumoto 2 Enterprise Linux, Ruby 2026-04-16 N/A
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
CVE-2005-3696 1 Arki-db 1 Arki-db 2026-04-16 N/A
SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php.
CVE-2005-3931 1 Asp-rider 1 Asp-rider 2026-04-16 N/A
SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.