Search Results (364592 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1067 1 Linksys 1 Wrt54g V5 2026-04-16 N/A
Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value.
CVE-2000-0566 3 Caldera, Mandrakesoft, Redhat 3 Openlinux, Mandrake Linux, Linux 2026-04-16 N/A
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
CVE-2003-0750 1 Py-membres 1 Py-membres 2026-04-16 N/A
secure.php in PY-Membres 4.2 and earlier allows remote attackers to bypass authentication by setting the adminpy parameter.
CVE-2006-1074 1 Jason Boettcher 1 Liero Xtreme 2026-04-16 N/A
Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.
CVE-2006-1075 1 Jason Boettcher 1 Liero Xtreme 2026-04-16 N/A
Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file.
CVE-2000-0570 1 Centrinity 1 Firstclass Intranet Server 2026-04-16 N/A
FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.
CVE-2002-0403 2 Ethereal Group, Redhat 4 Ethereal, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
CVE-2002-0407 1 Lotus 1 Domino 2026-04-16 N/A
htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote attackers to determine the physical pathname for the server via requests that contain certain MS-DOS device names such as com5, such as (1) a request with a .pl or .java extension, or (2) a request containing a large number of periods, which causes htcgibin.exe to leak the pathname in an error message.
CVE-2002-0412 1 Luca Deri 1 Ntop 2026-04-16 N/A
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
CVE-2002-0413 1 Rebb 1 Rebb 2026-04-16 N/A
Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.
CVE-2002-0416 1 Sh39 1 Mailserver 2026-04-16 N/A
Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.
CVE-2006-1090 1 Punbb 1 Punbb 2026-04-16 N/A
register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations.
CVE-2006-1098 1 Digital Builder 1 Nz Ecommerce 2026-04-16 N/A
Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem
CVE-2006-1099 1 Logit 1 Logit 2026-04-16 N/A
PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2000-0574 2 Openbsd, Washington University 2 Ftpd, Wu-ftpd 2026-04-16 N/A
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
CVE-2006-1106 1 Pixelpost 1 Pixelpost 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but due to the vagueness of the dispute, it is not clear whether the vendor is disputing this particular issue.
CVE-2006-1115 1 Ncipher 3 Chil, Mscapi Csp, Ncipher Software Cd 2026-04-16 N/A
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack.
CVE-2004-0204 4 Bea, Borland Software, Businessobjects and 1 more 9 Weblogic Server, J Builder, Crystal Enterprise and 6 more 2026-04-16 N/A
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
CVE-2003-0755 1 Gtkftpd 1 Gtkftp 2026-04-16 N/A
Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remote attackers to execute arbitrary code by creating long directory names and listing them with a LIST command.
CVE-2004-0206 1 Microsoft 5 Windows 2000, Windows 2003 Server, Windows 98 and 2 more 2026-04-16 N/A
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.