Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1222 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a foreign Java Message Service (JMS) provider, echoes the password for the foreign provider to the console and stores it in cleartext in config.xml, which could allow attackers to obtain the password.
CVE-2003-1223 1 Bea 1 Weblogic Server 2026-04-16 N/A
The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 SP 1 allows remote attackers to cause a denial of service (Node Manager crash) via malformed data to the Node Manager's port, as demonstrated by nmap.
CVE-2003-1278 1 Infopop 1 Opentopic 2026-04-16 N/A
Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags.
CVE-2005-3326 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
CVE-2005-2491 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2026-04-16 N/A
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
CVE-2006-2424 1 Ezusermanager 1 Ezusermanager 2026-04-16 N/A
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.
CVE-2001-0450 1 Transsoft 1 Broker Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Transsoft FTP Broker before 5.5 allows attackers to (1) delete arbitrary files via DELETE, or (2) list arbitrary directories via LIST, via a .. (dot dot) in the file name.
CVE-2006-2487 1 Scoznet 1 Scoznews 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. NOTE: this might be resultant from a variable overwrite issue.
CVE-2005-3572 1 Peel 1 Peel 2026-04-16 N/A
SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.
CVE-2006-2494 1 Lacaveprods 1 Intellitamper 2026-04-16 N/A
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.
CVE-2001-0455 1 Cisco 1 Aironet 340 2026-04-16 N/A
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
CVE-2006-2523 1 Smartisoft 1 Phplistpro 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie.
CVE-2001-0460 1 Baltimore Technologies 1 Websweeper 2026-04-16 N/A
Websweeper 4.0 does not limit the length of certain HTTP headers, which allows remote attackers to cause a denial of service (memory exhaustion) via an extremely large HTTP Referrer: header.
CVE-2006-2917 1 Qbik 1 Wingate 2026-04-16 N/A
Directory traversal vulnerability in the IMAP server in WinGate 6.1.2.1094 and 6.1.3.1096, and possibly other versions before 6.1.4 Build 1099, allows remote authenticated users to read email of other users, or perform unauthorized operations on directories, via the (1) CREATE, (2) SELECT, (3) DELETE, (4) RENAME, (5) COPY, (6) APPEND, and (7) LIST commands.
CVE-2006-3480 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
CVE-2006-3483 1 Phpmaillist 1 Phpmaillist 2026-04-16 N/A
PHPMailList 1.8.0 stores sensitive information under the web document root iwth insufficient access control, which allows remote attackers to obtain email addresses of subscribers, configuration information, and the admin username and password via direct requests to (1) list.dat or (2) ml_config.dat.
CVE-2006-3488 1 Virtuastore 1 Virtuastore 2026-04-16 N/A
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.
CVE-2001-1284 1 Ipswitch 1 Imail 2026-04-16 N/A
Ipswitch IMail 7.04 and earlier uses predictable session IDs for authentication, which allows remote attackers to hijack sessions of other users.
CVE-2005-3100 1 Astaro 1 Security Linux 2026-04-16 N/A
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service.
CVE-2006-1514 1 Abcmidi 1 Abcmidi 2026-04-16 N/A
Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.