Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-0596 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
CVE-2000-0598 1 Fortech 1 Proxy\+ 2026-04-16 N/A
Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.
CVE-2000-0599 1 Imesh.com 1 Imesh 2026-04-16 N/A
Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.
CVE-2006-0217 1 Ultimate Auction 1 Ultimate Auction 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
CVE-2000-0607 3 Debian, Mandrakesoft, Redhat 3 Debian Linux, Mandrake Linux, Linux 2026-04-16 N/A
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
CVE-2000-0608 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).
CVE-2000-0609 1 Netwin 2 Cwmail, Dmailweb 2026-04-16 N/A
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.
CVE-2006-4267 1 Devellion 1 Cubecart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.
CVE-2000-0613 1 Cisco 1 Pix Firewall 2026-04-16 N/A
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
CVE-2006-0224 1 Libast 1 Libast 2026-04-16 N/A
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name).
CVE-2006-4268 1 Devellion 1 Cubecart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php.
CVE-2006-0226 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or (2) probe response frames.
CVE-2000-0633 3 Conectiva, Mandrakesoft, Redhat 3 Linux, Mandrake Linux, Linux 2026-04-16 N/A
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
CVE-2006-4269 2 Joomla, Mambo 2 X-shop Component, X-shop Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.x-shop.php in the x-shop component (com_x-shop) 1.7 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by third party researchers, stating that there is no mosConfig_absolute_path parameter and no admin.x-shop.php file in the reported package
CVE-2006-0228 1 Grsecurity 1 Grsecurity Kernel Patch 2026-04-16 N/A
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
CVE-2000-0648 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of service by executing the RENAME TO (RNTO) command before a RENAME FROM (RNFR) command.
CVE-2005-3461 1 Oracle 1 Peoplesoft Enterprise 2026-04-16 N/A
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.
CVE-2006-0229 1 Wehnus 1 Wehntrust 2026-04-16 N/A
Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.
CVE-2005-2572 1 Oracle 1 Mysql 2026-04-16 N/A
MySQL, when running on Windows, allows remote authenticated users with insert privileges on the mysql.func table to cause a denial of service (server hang) and possibly execute arbitrary code via (1) a request for a non-library file, which causes the Windows LoadLibraryEx function to block, or (2) a request for a function in a library that has the XXX_deinit or XXX_init functions defined but is not tailored for mySQL, such as jpeg1x32.dll and jpeg2x32.dll.
CVE-2005-2500 1 Linux 1 Linux Kernel 2026-04-16 N/A
Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol.