Export limit exceeded: 364834 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364834 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2578 1 Esyndicat 1 Esyndicat Directory 2026-04-16 N/A
admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter.
CVE-2006-2579 1 Hp 1 Openview Storage Data Protector 2026-04-16 N/A
Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-3814 1 Cheese Tracker 1 Cheese Tracker 2026-04-16 N/A
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.
CVE-2006-3815 1 Linux-ha 1 Heartbeat 2026-04-16 N/A
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time window on startup.
CVE-2006-2161 3 Cam Development, Erik Dienske, Roger Aelbrecht 3 Cam Unzip, Abakt, Tzipbuilder 2026-04-16 N/A
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a ZIP archive that contains a file with a long file name.
CVE-2006-2163 1 Desert Dog Software 1 Pinnacle Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
CVE-2006-2164 1 Pentasoft Corp. 1 Avactis Shopping Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries.
CVE-2003-0456 1 Deerfield 1 Visnetic Website 2026-04-16 N/A
VisNetic WebSite 3.5 allows remote attackers to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
CVE-1999-0027 1 Sgi 1 Irix 2026-04-16 N/A
root privileges via buffer overflow in eject command on SGI IRIX systems.
CVE-2002-2008 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
CVE-1999-0025 1 Sgi 1 Irix 2026-04-16 N/A
root privileges via buffer overflow in df command on SGI IRIX systems.
CVE-2003-0975 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-16 N/A
Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 allows remote attackers to steal user cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
CVE-2002-0589 1 Steve Korbett 1 Pvote 2026-04-16 N/A
PVote before 1.9 allows remote attackers to change the administrative password and gain privileges by directly calling ch_info.php with the newpass and confirm parameters both set to the new password.
CVE-1999-0022 6 Bsdi, Freebsd, Hp and 3 more 7 Bsd Os, Freebsd, Hp-ux and 4 more 2026-04-16 7.8 High
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
CVE-2002-0593 3 Mozilla, Netscape, Redhat 5 Mozilla, Communicator, Navigator and 2 more 2026-04-16 N/A
Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.
CVE-2003-0974 1 Applied Watch Technologies 1 Applied Watch Command Center 2026-04-16 N/A
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) add spurious IDS rules to sensors, as demonstrated using addrule.c.
CVE-2002-0588 1 Steve Korbett 1 Pvote 2026-04-16 N/A
PVote before 1.9 does not authenticate users for restricted operations, which allows remote attackers to add or delete polls by modifying parameters to (1) add.php or (2) del.php.
CVE-2002-0587 1 Aol 1 Aol Server 2026-04-16 N/A
Buffer overflow in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to cause a denial of service or execute arbitrary code via the Error or Notice parameters.
CVE-1999-0005 2 Netscape, University Of Washington 2 Messaging Server, Imap 2026-04-16 N/A
Arbitrary command execution via IMAP buffer overflow in authenticate command.
CVE-2002-0266 1 Thunderstone Software 1 Texis 2026-04-16 N/A
Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.