Search Results (363308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0232 1 Symantec 1 Antivirus Scan Engine 2026-04-16 N/A
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
CVE-2004-0437 1 South River Technologies 1 Titan Ftp Server 2026-04-16 N/A
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
CVE-2005-0850 1 Filezilla-project 1 Filezilla Server 2026-04-16 N/A
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
CVE-2006-4525 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
CVE-2006-4773 1 Sun 1 Storedge 6130 Arrays 2026-04-16 N/A
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.
CVE-2006-4786 1 Moodle 1 Moodle 2026-04-16 N/A
Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive information via (1) help.php and (2) other unspecified vectors involving scheduled backups.
CVE-2006-4794 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2026-04-16 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.
CVE-2006-0599 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames.
CVE-2006-4872 1 Keyvan1 1 Ecardpro 2026-04-16 N/A
SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2006-4883 1 Idevspot 1 Bizdirectory 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot BizDirectory allow remote attackers to inject arbitrary web script or HTML via (1) the stylesheet parameter in Feed.php or (2) the message parameter in status.php.
CVE-2005-3258 1 Squid 1 Squid 2026-04-16 N/A
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
CVE-1999-0612 2 Gnu, Microsoft 4 Finger Service, Fingerd, Windows 2000 and 1 more 2026-04-16 N/A
A version of finger is running that exposes valid user information to any entity on the network.
CVE-2006-0632 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
The gen_rand_string function in phpBB 2.0.19 uses insufficiently random data (small value space) to create the activation key ("validation ID") that is sent by e-mail when establishing a password, which makes it easier for remote attackers to obtain the key and modify passwords for existing accounts or create new accounts.
CVE-2006-0634 1 Borland Software 1 C\+\+ Builder 2026-04-16 N/A
Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition (ent_upd4) evaluates the "i>sizeof(int)" expression to false when i equals -1, which might introduce integer overflow vulnerabilities into applications that could be exploited by context-dependent attackers.
CVE-2006-4945 1 Cardway 1 Digitalwebshop 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Cardway (aka Frederic Boudaud) DigitalWebShop 1.128 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the _PHPLIB[libdir] parameter to (1) rechnung.php or (2) prepend.php.
CVE-2006-4832 1 Verso Netperformer 1 Frame Relay Access Device Act 2026-04-16 N/A
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
CVE-2000-0989 1 Intel 1 Inbusiness Email Station 2026-04-16 N/A
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.
CVE-2000-0460 1 Kde 1 Kde 2026-04-16 N/A
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
CVE-2005-0076 1 Debian 1 Debian Linux 2026-04-16 N/A
Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.