Search Results (364541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0847 1 Cherrypy 1 Cherrypy 2026-04-16 N/A
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
CVE-2006-0851 1 Ilch.de 1 Ilchclan 2026-04-16 N/A
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost.
CVE-2004-0343 1 Yabb 1 Yabb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
CVE-2006-0852 1 Devscripts 1 Admbook 2026-04-16 N/A
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php.
CVE-2004-0345 1 Volition 1 Red Faction 2026-04-16 N/A
Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name.
CVE-2003-0694 12 Apple, Compaq, Freebsd and 9 more 20 Mac Os X, Mac Os X Server, Tru64 and 17 more 2026-04-16 N/A
The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated using the parseaddr function in parseaddr.c.
CVE-2003-0695 2 Openbsd, Redhat 3 Openssh, Enterprise Linux, Linux 2026-04-16 N/A
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
CVE-2000-0428 1 Trend Micro 1 Interscan Viruswall 2026-04-16 N/A
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.
CVE-2002-0856 1 Oracle 2 Database Server, Oracle9i 2026-04-16 N/A
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
CVE-2003-0696 1 Ibm 1 Aix 2026-04-16 N/A
The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion).
CVE-2003-0697 1 Ibm 1 Aix 2026-04-16 N/A
Format string vulnerability in lpd in the bos.rte.printers fileset for AIX 4.3 through 5.2, with debug enabled, allows local users to cause a denial of service (crash) or gain root privileges.
CVE-2006-0869 1 Pear 1 Pear Liveuser 2026-04-16 N/A
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
CVE-2006-0872 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter.
CVE-2006-0878 1 Phpoutsourcing 1 Noahs Classifieds 2026-04-16 N/A
Noah's Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php.
CVE-2000-0429 1 Mcmurtrey Whitaker And Associates 1 Cart32 2026-04-16 N/A
A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.
CVE-2006-0883 2 Freebsd, Openbsd 2 Freebsd, Openssh 2026-04-16 N/A
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
CVE-2003-0707 1 Tomi Manninen 1 Linuxnode 2026-04-16 N/A
Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attackers to execute arbitrary code.
CVE-2003-0702 1 Iss 1 Realsecure Server Sensor 2026-04-16 N/A
Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU 20.16, 20.18, and possibly other versions before 20.19, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code in Internet Information Server (IIS) via a certain URL through SSL.
CVE-2003-0703 1 Kismac 1 Kismac 2026-04-16 N/A
KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3) airojack_load.sh, or (4) via "similar techniques" using exchangeKernel.sh.
CVE-2003-0708 1 Tomi Manninen 1 Linuxnode 2026-04-16 N/A
Format string vulnerability in LinuxNode (node) before 0.3.2 may allow attackers to cause a denial of service or execute arbitrary code.