Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1657 1 Postgresql 1 Postgresql 2026-04-16 7.5 High
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
CVE-2002-1975 1 Sharp 4 Zaurus Sl-5000d, Zaurus Sl-5000d Firmware, Zaurus Sl-5500 and 1 more 2026-04-16 5.5 Medium
Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt the screen-locking password as stored in the Security.conf file, which makes it easier for local users to guess the password via brute force methods.
CVE-2005-1688 1 Wordpress 1 Wordpress 2026-04-16 5.3 Medium
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.
CVE-2006-4945 1 Cardway 1 Digitalwebshop 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
CVE-2001-0126 1 Oracle 1 Oracle8i 2026-04-16 N/A
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
CVE-2003-1096 1 Cisco 1 Leap 2026-04-16 N/A
The Cisco LEAP challenge/response authentication mechanism uses passwords in a way that is susceptible to dictionary attacks, which makes it easier for remote attackers to gain privileges via brute force password guessing attacks.
CVE-2003-1098 1 Hp 1 Hp-ux 2026-04-16 N/A
The Xserver for HP-UX 11.22 was not properly built, which introduced a vulnerability that allows local users to gain privileges.
CVE-2000-0133 1 H. Nomura 1 Tiny Ftpdaemon 2026-04-16 N/A
Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to execute commands via the STOR, RNTO, MKD, XMKD, RMD, XRMD, APPE, SIZE, and RNFR commands.
CVE-2001-0296 1 Texas Imperial Software 1 Wftpd Pro 2026-04-16 N/A
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
CVE-2006-4264 1 Mambo 1 Mtg Myhomepage Component 2026-04-16 9.8 Critical
Multiple PHP remote file inclusion vulnerabilities in the lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) install.lmtg_homepage.php and (2) mtg_homepage.php. NOTE: this issue has been disputed by a third party, who states that the $mosConfig_absolute_path variable is only used within a function definition. CVE source code analysis on 20060824 is not conclusive but tends to concur with the dispute. In addition, it appears that the component name is actually "lmtg_myhomepage"
CVE-2000-0829 1 Redhat 2 Linux, Tmpwatch 2026-04-16 N/A
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
CVE-2002-0607 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows remote attackers to execute arbitrary code via a SQL injection attack on the parameters (1) M_NAME, (2) UserName, (3) FirstName, (4) LastName, or (5) INITIAL.
CVE-2003-0358 3 Debian, Falconseye Project, Nethack 3 Debian Linux, Falconseye, Nethack 2026-04-16 N/A
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
CVE-2005-0305 1 Siteman 1 Siteman 2026-04-16 N/A
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
CVE-2002-2156 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
Buffer overflow in Trillian 0.73 allows remote IRC servers to execute arbitrary code via a long PING response.
CVE-2003-0074 1 Plptools 1 Plptools 2026-04-16 N/A
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
CVE-2004-1621 1 Ibm 1 Lotus Domino 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature
CVE-2004-1903 1 Blaxxun 1 Contact 3d 2026-04-16 N/A
Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.
CVE-2004-2423 1 Ipswitch 1 Imail 2026-04-16 N/A
Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
CVE-2005-1524 1 The Cacti Group 1 Cacti 2026-04-16 N/A
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.