Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3463 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop.
CVE-2006-3482 1 Phpmaillist 1 Phpmaillist 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2006-3490 1 F-secure 3 F-secure Anti-virus, F-secure Internet Security, F-secure Service Platform For Service Providers 2026-04-16 N/A
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls.
CVE-1999-1405 1 Ibm 1 Aix 2026-04-16 N/A
snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory with world-readable permissions and does not remove or clear the directory when snap -a is executed, which could allow local users to access the shadowed password file by creating /tmp/ibmsupt/general/passwd before root runs snap -a.
CVE-2006-2330 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
CVE-2006-2348 1 Oasyssoft 1 E-business Designer 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in form_grupo.html in E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2320 1 Ideal Science 1 Idealbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Ideal Science Ideal BB 1.5.4a and earlier allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors related to stored procedure calls. NOTE: due to lack of details from the researcher, it is not clear whether this overlaps CVE-2004-2209.
CVE-1999-0789 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in AIX ftpd in the libc library.
CVE-2006-2231 1 Big Webmaster 1 Big Webmaster Guestbook Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in Big Webmaster Guestbook Script 1.02 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) site, (3) city, (4) state, (5) country, and possibly (6) name fields, which are viewed via viewguest.cgi.
CVE-2002-1277 2 Redhat, Windowmaker 3 Enterprise Linux, Linux, Windowmaker 2026-04-16 N/A
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
CVE-1999-1117 1 Ibm 1 Aix 2026-04-16 N/A
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
CVE-2006-2249 1 Cutephp 1 Cutenews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
CVE-2006-2254 1 Intervations 1 Filecopa 2026-04-16 N/A
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
CVE-2006-2270 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.
CVE-2006-2261 1 Acal 1 Acal 2026-04-16 N/A
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-2275 3 Canonical, Lksctp, Redhat 3 Ubuntu Linux, Stream Control Transmission Protocol, Enterprise Linux 2026-04-16 7.5 High
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer."
CVE-2006-2278 1 Arabless 1 Saphplesson 2026-04-16 N/A
SaphpLesson 3.0 does not initialize array variables, which allows remote attackers to obtain the full path via an non-array (1) hrow parameter to (a) show.php or (b) index.php; the (2) Lsnrow parameter to (c) showcat.php; or the (3) rows parameter to index.php.
CVE-2004-2526 1 Ibm 1 Tivoli Directory Server 2026-04-16 N/A
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-2006-2283 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid 2.9.5 through 3.0.b3 allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) auth.php and (2) auth_phpbb when the phpBB portal is enabled, and via a URL in the smf_root_path parameter in (3) auth.php and (4) auth_SMF when the SMF portal is enabled.