Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4725 1 Adobe 1 Coldfusion 2026-04-16 N/A
Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox.
CVE-2006-4733 1 Sips 1 Sips 2026-04-16 N/A
PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in Haakon Nilsen simple, integrated publishing system (SIPS) 0.3.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the config[sipssys] parameter. NOTE: the product's documentation recommends placing the affected file outside of the web root, so the scope of issue is limited to admins who do not, or cannot, follow this recommendation.
CVE-2006-4737 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in Jetbox CMS allows remote attackers to inject arbitrary web script or HTML via the item parameter. NOTE: The view vector is already covered by CVE-2006-3586.2.
CVE-2004-2377 1 Alcatel 2 Omniswitch, Omniswitch 7800 2026-04-16 N/A
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
CVE-2006-4750 1 Openi-cms Group 1 Openi-cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in openi-admin/base/fileloader.php in OPENi-CMS 1.0.1, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the config[openi_dir] parameter.
CVE-2002-2069 1 Pgp 1 Personal Privacy 2026-04-16 7.5 High
PGP 6.x and 7.x does not clear Windows alternate data streams that are attached to files on NTFS file systems, which allows attackers to recover sensitive information that was supposed to be deleted.
CVE-2002-2071 1 Compaq 1 Tru64 2026-04-16 N/A
Compaq Tru64 4.0 d allows remote attackers to cause a denial of service in (1) telnet, (2) FTP, (3) ypbind, (4) rpc.lockd, (5) snmp, (6) ttdbserverd, and possibly other services via a TCP SYN scan, as demonstrated using nmap.
CVE-2006-1700 1 Aweb 1 Scripts Seller 2026-04-16 N/A
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
CVE-2002-2083 1 Novell 1 Netware 2026-04-16 N/A
The Novell Netware client running on Windows 95 allows local users to bypass the login and open arbitrary files via the "What is this?" help feature, which can be launched from the Novell Netware login screen.
CVE-2004-2381 1 Jetty 1 Jetty Http Server 2026-04-16 N/A
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
CVE-1999-0632 2026-04-16 N/A
The RPC portmapper service is running.
CVE-2001-0216 1 Mnscu Pals 1 Webpals 2026-04-16 N/A
PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter.
CVE-2002-1133 1 Funsoft 1 Dinos Webserver 2026-04-16 N/A
Encoded directory traversal vulnerability in Dino's web server 2.1 allows remote attackers to read arbitrary files via ".." (dot dot) sequences with URL-encoded (1) "/" (%2f") or (2) "\" (%5c) characters.
CVE-2005-2233 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare.
CVE-2005-1969 1 Pragma Systems 1 Pragma Telnetserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session.
CVE-2005-2108 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
CVE-2004-2399 1 Securecomputing 1 Sidewinder G2 2026-04-16 N/A
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
CVE-2005-1971 1 Interactivephp 1 Fusionbb 2026-04-16 N/A
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.
CVE-2002-2094 1 Joetesta 1 Hellbent 2026-04-16 N/A
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
CVE-2004-2409 1 Samhain Labs 1 Samhain 2026-04-16 N/A
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.