Search Results (364785 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0459 1 Linux-sottises 2 Board-tnk, News-tnk 2026-04-16 N/A
Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.
CVE-2006-1625 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event.
CVE-2006-1626 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: this is a different vulnerability than CVE-2006-1192.
CVE-2002-0464 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
CVE-2006-1639 1 Wire Plastik Design 1 Wpblog 2026-04-16 N/A
SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter.
CVE-2003-0924 2 Netpbm, Redhat 3 Netpbm, Enterprise Linux, Linux 2026-04-16 N/A
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
CVE-2000-0854 1 Microsoft 1 Office 2026-04-16 N/A
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
CVE-2002-0466 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.
CVE-2002-0469 2 Ecartis, Listar 2 Ecartis, Listar 2026-04-16 N/A
Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.
CVE-2002-0470 1 Phpnettoolpack 1 Phpnettoolpack 2026-04-16 N/A
PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.
CVE-2000-0861 1 Gnu 1 Mailman 2026-04-16 N/A
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
CVE-2002-0471 1 Phpnettoolpack 1 Phpnettoolpack 2026-04-16 N/A
PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.
CVE-2003-0925 2 Ethereal Group, Redhat 3 Ethereal, Enterprise Linux, Linux 2026-04-16 N/A
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string.
CVE-2002-0472 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.
CVE-2006-1661 1 Sk Soft 1 Skforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) areaID parameter in area.View.action, (2) time parameter in planning.View.action, and (3) userID parameter in user.View.action.
CVE-2006-1664 1 Xine 1 Xine-lib 2026-04-16 N/A
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
CVE-2006-1669 1 Phpheaven 1 Phpmychat 2026-04-16 N/A
SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue.
CVE-2000-0881 1 Plus Technologies 1 Lpplus 2026-04-16 N/A
The dccscan setuid program in LPPlus does not properly check if the user has the permissions to print the file that is specified to dccscan, which allows local users to print arbitrary files.
CVE-2002-0473 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
CVE-2006-1678 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.