Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1266 1 Doug Neal 1 Dnhttpd 2026-04-16 N/A
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
CVE-2004-1520 1 Ipswitch 1 Imail 2026-04-16 N/A
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
CVE-2002-0023 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2003-1306 1 Microsoft 1 Urlscan 2026-04-16 N/A
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
CVE-2006-3126 1 Julian Pawlowski 1 Capi4hylafax 2026-04-16 N/A
c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.
CVE-2006-4556 2 Joomla, Mambo 2 Jim Component, Jim Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242
CVE-2002-1570 1 Ucd-snmp 1 Ucd-snmp 2026-04-16 N/A
Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array.
CVE-2006-0093 1 Ecardmax.com 1 Atcard Me Php 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2005-1004 1 Profitcode 1 Payprocart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.
CVE-2006-0109 1 Modular Merchant 1 Shopping Cart 2026-04-16 N/A
Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-4457 1 Phpecard 1 Phpecard 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4460 1 Clemens Wacha 1 Php Iaddressbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP iAddressBook before 0.96 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2001-1045 1 Basilix 1 Basilix Webmail 2026-04-16 N/A
Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter.
CVE-2004-0412 1 Gnu 1 Mailman 2026-04-16 6.5 Medium
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server.
CVE-2004-0514 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
CVE-2002-0185 2 Apache, Redhat 2 Mod Python, Linux 2026-04-16 N/A
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
CVE-2006-4982 1 Cisco 1 Network Access Control 2026-04-16 N/A
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
CVE-2006-2024 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; (3) and improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
CVE-2005-0832 1 Php-post 1 Php-post Web Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2000-0489 3 Freebsd, Netbsd, Openbsd 3 Freebsd, Netbsd, Openbsd 2026-04-16 N/A
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.