Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1296 1 Beagle-project 1 Beagle 2026-04-16 N/A
Untrusted search path vulnerability in Beagle 0.2.2.1 might allow local users to gain privileges via a malicious beagle-info program in the current working directory, or possibly directories specified in the PATH.
CVE-1999-1411 1 Debian 1 Debian Linux 2026-04-16 N/A
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
CVE-1999-1091 2 Rtin, Tin 2 Rtin, Tin 2026-04-16 N/A
UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.
CVE-2006-1315 1 Microsoft 1 Server Service 2026-04-16 N/A
The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
CVE-2006-2989 1 Iisworks 1 Listpics 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter.
CVE-2003-0244 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
The route cache implementation in Linux 2.4, and the Netfilter IP conntrack module, allows remote attackers to cause a denial of service (CPU consumption) via packets with forged source addresses that cause a large number of hash table collisions.
CVE-1999-1102 4 Apple, Bsd, Sgi and 1 more 4 A Ux, Bsd, Irix and 1 more 2026-04-16 N/A
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
CVE-2006-1319 1 Runit 1 Runit 2026-04-16 N/A
chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
CVE-2003-0256 1 Kde 1 Kopete 2026-04-16 N/A
The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the command line when executing gpg, which allows remote attackers to execute arbitrary commands.
CVE-2006-2998 1 Free Qboard 1 Free Qboard 2026-04-16 N/A
PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter.
CVE-2006-1321 1 Webcheck 1 Webcheck 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.
CVE-2006-3005 1 Gentoo 2 Linux, Media-libs Jpeg 2026-04-16 N/A
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.
CVE-1999-1128 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.
CVE-2004-0708 1 Moinmoin 1 Moinmoin 2026-04-16 N/A
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
CVE-2006-1326 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.
CVE-2006-1403 1 Csdoom 1 Csdoom 2005 2026-04-16 N/A
Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings passed to the console.
CVE-2003-0360 1 Debian 1 Debian Linux 2026-04-16 N/A
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2006-1406 1 Uniforum 1 Uniforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters.
CVE-2006-1410 1 Xigla 1 Absolute Live Support Xe 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field.
CVE-2003-0366 1 Lysator 1 Lyskom-server 2026-04-16 N/A
lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query.