Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2437 1 Website Baker 1 Website Baker 2026-04-16 N/A
Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code.
CVE-2005-2985 1 Aewebworks 1 Aedating 2026-04-16 N/A
SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter.
CVE-2006-1046 1 Monopd 1 Monopd 2026-04-16 N/A
server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output.
CVE-2003-1275 1 Microsoft 1 Pocket Ie 2026-04-16 N/A
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
CVE-2006-1837 1 Clanscripte.net 1 Fuju News 2026-04-16 N/A
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.
CVE-2000-0976 1 Xfree86 Project 1 Xlib 2026-04-16 N/A
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
CVE-2006-4960 1 Blue Dragon 1 Php Blue Dragon 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon 2.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter, which is reflected in an error message resulting from a failed SQL query.
CVE-2006-4993 1 Allmyguests Project 1 Allmyguests 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in AllMyGuests 0.4.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _AMGconfig[cfg_serverpath] parameter in (1) modules/AllMyGuests/signin.php (aka the Nuke module) and (2) AllMyGuests/signin.php (aka the standalone).
CVE-2004-2644 1 Asn.1 Compiler 1 Asn.1 Compiler 2026-04-16 N/A
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.
CVE-2004-1397 1 Usemod 1 Usemodwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.
CVE-2005-2443 1 Kshout 1 Kshout 2026-04-16 N/A
Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
CVE-2000-1064 1 Hp 1 Jetdirect 2026-04-16 N/A
Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service.
CVE-2006-4434 1 Sendmail 1 Sendmail 2026-04-16 7.5 High
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the severity of this issue, saying "The only denial of service that is possible here is to fill up the disk with core dumps if the OS actually generates different core dumps (which is unlikely)... the bug is in the shutdown code (finis()) which leads directly to exit(3), i.e., the process would terminate anyway, no mail delivery or receiption is affected."
CVE-2003-0406 1 Palmvnc 1 Palmvnc 2026-04-16 N/A
PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCDB, which is backed up to PCs that the Palm is synchronized with, which could allow attackers to gain privileges.
CVE-2006-3899 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to cause a denial of service (application crash) by calling the stringToBinary function of the CEnroll.CEnroll.2 ActiveX object with a long second argument, which triggers an invalid memory access inside the SysAllocStringLen function.
CVE-2001-0173 2 Nobreak Technologies, Qdecoder 2 Crazywwwboard, Qdecoder 2026-04-16 N/A
Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
CVE-2004-1403 1 Sir 1 Gnuboard 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
CVE-1999-1532 1 Netscape 1 Messaging Server 2026-04-16 N/A
Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker to cause a denial of service (memory exhaustion) via a series of long RCPT TO commands.
CVE-2002-1664 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger before February 2002 allows remote attackers to add arbitrary users to another user's buddy list and possibly obtain sensitive information.
CVE-2004-0238 1 0verkill 1 0verkill 2026-04-16 N/A
Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.