Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3082 1 Seo-board 1 Seo-board 2026-04-16 N/A
SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie.
CVE-2001-0981 1 Hp 1 Cifs-9000 Server 2026-04-16 N/A
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
CVE-2005-3083 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2001-0487 1 Ibm 1 Aix Snmp 2026-04-16 N/A
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.
CVE-2001-1504 1 Ibm 1 Lotus Notes 2026-04-16 N/A
Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.
CVE-2005-3084 1 Sony 1 Playstation Portable 2026-04-16 N/A
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.
CVE-2006-1494 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVE-2001-1254 1 Com2001 1 Alexis Server 2026-04-16 N/A
Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing.
CVE-2001-1257 1 Horde 1 Imp 2026-04-16 N/A
Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.
CVE-2006-1608 1 Php 1 Php 2026-04-16 N/A
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
CVE-2001-1265 1 Ibm 1 Alphaworks Tftp Server 2026-04-16 N/A
Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.
CVE-2001-1277 1 Wolfram Schneider 1 Makewhatis 2026-04-16 N/A
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
CVE-2001-1284 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2005-3100 1 Astaro 1 Security Linux 2026-04-16 N/A
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
CVE-2001-0497 1 Isc 1 Bind 2026-04-16 7.8 High
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
CVE-2001-1510 1 Macromedia 1 Jrun 2026-04-16 N/A
Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.
CVE-2005-3112 1 Macromedia 1 Breeze 2026-04-16 N/A
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
CVE-2005-3121 1 Eduard Bloch 1 Module-assistant 2026-04-16 N/A
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
CVE-2004-1220 1 Digital Illusions 2 Battlefield 1942, Battlefield Vietnam 2026-04-16 N/A
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2026-04-16 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.