Search Results (364840 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2557 1 Florian Amrhein 1 Newsportal 2026-04-16 N/A
PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
CVE-2002-0700 1 Microsoft 1 Content Management Server 2026-04-16 N/A
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
CVE-2000-1148 1 Volano Llc 1 Volanochatpro 2026-04-16 N/A
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
CVE-2002-0702 1 Isc 1 Dhcpd 2026-04-16 N/A
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
CVE-2006-2562 1 Zyxel 1 P-335wt Router 2026-04-16 N/A
ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic.
CVE-2002-0703 2 Gisle Aas, Redhat 2 Digest-md5, Linux 2026-04-16 N/A
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
CVE-2002-0704 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 7.5 High
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
CVE-2006-2114 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.
CVE-2000-1160 1 Network Associates 1 Sniffer Agent 2026-04-16 N/A
NAI Sniffer Agent allows remote attackers to cause a denial of service (crash) by sending a large number of login requests.
CVE-2006-2565 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.
CVE-2006-2117 1 Extrosoft 1 Thyme 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.
CVE-2006-2567 1 Alstrasoft 1 Article Manager Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.
CVE-2006-2568 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
CVE-2006-2122 1 Coolmenus 1 Coolmenus 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.
CVE-2006-2569 2 4r Linklist, Woltlab 2 4r Linklist, Burning Board 2026-04-16 N/A
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
CVE-2006-2572 1 Dian Gemilang 1 Dgbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
CVE-2006-2131 1 Advanced Poll 1 Advanced Poll 2026-04-16 N/A
include/class_poll.php in Advanced Poll 2.0.4 uses the HTTP_X_FORWARDED_FOR (X-Forwarded-For HTTP header) to identify the IP address of a client, which makes it easier for remote attackers to spoof the source IP and bypass voting restrictions.
CVE-2006-2133 1 Boonex 1 Barracuda 2026-04-16 N/A
SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality.
CVE-2002-0706 1 Surfcontrol 2 Superscout Web Filter, Web Filter 2026-04-16 N/A
UserManager.js in the Web Reports Server for SurfControl SuperScout WebFilter uses weak encryption for administrator functions, which allows remote attackers to decrypt the administrative password using a hard-coded key in a Javascript function.
CVE-2002-0707 1 Surfcontrol 2 Superscout Web Filter, Web Filter 2026-04-16 N/A
The Web Reports Server for SurfControl SuperScout WebFilter allows remote attackers to cause a denial of service (CPU consumption) via large GET requests, possibly due to a buffer overflow.