Search Results (364529 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-0735 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x and earlier allows remote attackers to execute arbitrary SQL queries, as demonstrated using the year parameter.
CVE-2000-0518 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
CVE-2003-0736 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9.x and earlier allow remote attackers to execute arbitrary web script via (1) the day parameter in the calendar module, (2) the fatcat_id parameter in the fatcat module, (3) the PAGE_id parameter in the pagemaster module, (4) the PDA_limit parameter in the search, and (5) possibly other parameters in the calendar, fatcat, and pagemaster modules.
CVE-2006-1000 1 G2soft 1 Pentacle In-out Board 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.
CVE-2006-1006 1 Sendcard 1 Sendcard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in sendcard.php in sendcard before 3.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters.
CVE-2003-0738 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
The calendar module in phpWebSite 0.9.x and earlier allows remote attackers to cause a denial of service (crash) via a long year parameter.
CVE-2006-1008 1 Nathan Landry 1 N8cms Sitesuite Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection.
CVE-2000-0521 1 Michael Lamont 1 Savant Webserver 2026-04-16 N/A
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.
CVE-2003-0739 1 Vmware 1 Workstation 2026-04-16 N/A
VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows local users to delete arbitrary files via a symlink attack.
CVE-2006-1023 1 Hp 1 System Management Homepage 2026-04-16 N/A
Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors.
CVE-2006-1025 1 Addsoft 1 Storebot 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft StoreBot 2002 Standard allows remote attackers to inject arbitrary web script or HTML via the ShipMethod parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2000-0531 2 Caldera, Redhat 3 Openlinux, Openlinux Eserver, Linux 2026-04-16 N/A
Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.
CVE-2003-0740 2 Redhat, Stunnel 3 Enterprise Linux, Linux, Stunnel 2026-04-16 N/A
Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor returned by listen(), which allows local users to hijack the Stunnel server.
CVE-2006-1029 1 Joomla 1 Joomla 2026-04-16 N/A
The cross-site scripting (XSS) countermeasures in class.inputfilter.php in Joomla! 1.0.7 allow remote attackers to cause a denial of service via a crafted mosmsg parameter to index.php with a malformed sequence of multiple tags, as demonstrated using "<<>AAA<><>", possibly due to nested or empty tags.
CVE-2000-0533 1 Sgi 1 Workshop Debugger And Performance Tools 2026-04-16 N/A
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
CVE-2003-0746 1 Hp 1 Openview 2026-04-16 N/A
Various Distributed Computing Environment (DCE) implementations, including HP OpenView, allow remote attackers to cause a denial of service (process hang or termination) via certain malformed inputs, as triggered by attempted exploits against the vulnerabilities CVE-2003-0352 or CVE-2003-0605, such as the Blaster/MSblast/LovSAN worm.
CVE-2002-0391 5 Freebsd, Microsoft, Openbsd and 2 more 9 Freebsd, Windows 2000, Windows Nt and 6 more 2026-04-16 9.8 Critical
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
CVE-2002-0395 1 Red-m 1 1050ap Lan Acess Point 2026-04-16 N/A
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
CVE-2006-1043 1 Microsoft 2 Visual Interdev, Visual Studio 2026-04-16 N/A
Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln).
CVE-2000-0338 1 Concurrent Versions Software Project 1 Concurrent Versions Software 2026-04-16 5.5 Medium
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.