Search Results (364514 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2668 1 Docebolms 1 Docebolms 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php.
CVE-2006-2663 1 Ifusionservices 1 Iflance 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php.
CVE-2003-0649 1 Xpcd 1 Xpcd 2026-04-16 N/A
Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2006-2661 4 Canonical, Debian, Freetype and 1 more 4 Ubuntu Linux, Debian Linux, Freetype and 1 more 2026-04-16 N/A
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference.
CVE-2006-0195 2 Redhat, Squirrelmail 2 Enterprise Linux, Squirrelmail 2026-04-16 N/A
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
CVE-2006-2656 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is called with attacker-controlled command line arguments, then perhaps this issue should not be included in CVE.
CVE-2006-2653 1 D-link 1 Dsa-3100 Airspot Gateway 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login_error.shtml for D-Link DSA-3100 allows remote attackers to inject arbitrary HTML or web script via an encoded uname parameter.
CVE-2006-2652 1 Wikini 1 Wikini 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier allows remote attackers to inject arbitrary HTML and web script by editing a Wiki page to contain the script.
CVE-2003-0645 1 Andries Brouwer 1 Man 2026-04-16 N/A
man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.
CVE-2006-2646 1 Alt-n 1 Mdaemon 2026-04-16 N/A
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
CVE-2005-2248 1 Sven-ove Bjerkan 1 Downloadprotect 2026-04-16 N/A
Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder.
CVE-2005-2255 1 Gianluca Baldo 1 Phpauction 2026-04-16 N/A
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
CVE-2000-0145 1 Debian 1 Debian Linux 2026-04-16 N/A
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.
CVE-2005-2257 1 Phpslash 1 Phpslash 2026-04-16 N/A
The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter.
CVE-2005-2259 1 Usanet Creations 6 Domain Name Auction, Makebid Auction Deluxe, Makebid Auction Standard and 3 more 2026-04-16 N/A
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
CVE-2005-2260 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
CVE-2000-0166 1 Interaccess 1 Interaccess Telnetd Server 2026-04-16 N/A
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
CVE-2004-0293 1 Shopcartcgi 1 Shopcartcgi 2026-04-16 N/A
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
CVE-2000-0171 1 At Computing 1 Atsar Linux 2026-04-16 N/A
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
CVE-2003-0530 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to execute arbitrary code.