Export limit exceeded: 363335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2494 1 Code-crafters 1 Ability Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.
CVE-2004-2094 1 Darkwet 1 Webcam Xp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.
CVE-2003-0395 1 Myupb 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitrary PHP code with UPB administrator privileges via an HTTP request containing the code in the User-Agent header, which is executed when the administrator executes admin_iplog.php.
CVE-2002-0953 1 Php Address 1 Php Address 2026-04-16 N/A
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.
CVE-2001-0440 4 Conectiva, Licq, Mandrakesoft and 1 more 5 Linux, Licq, Mandrake Linux and 2 more 2026-04-16 N/A
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
CVE-2006-4610 1 Graphiks 1 Grapagenda 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter.
CVE-2004-0034 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
CVE-2001-0722 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
CVE-2006-1529 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.
CVE-2006-1475 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
CVE-2006-1472 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 allows remote attackers to determine names of unauthorized files and folders via unknown vectors related to the search results.
CVE-2006-1462 1 Apple 1 Quicktime 2026-04-16 N/A
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
CVE-2006-1451 1 Apple 1 Mac Os X 2026-04-16 N/A
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
CVE-2006-1443 1 Apple 1 Mac Os X 2026-04-16 N/A
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file system representation within (1) CFStringGetFileSystemRepresentation or (2) getFileSystemRepresentation:maxLength:withPath in NSFileManager, and possibly other similar API functions.
CVE-2006-1390 1 Gentoo 1 Linux 2026-04-16 N/A
The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks.
CVE-2002-1309 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.
CVE-2006-1347 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
SQL injection vulnerability in loginfunction.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0799 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. NOTE: this issue is very similar to CVE-2004-1104, although the manipulations are slightly different.
CVE-2004-0617 1 Arbitroweb 1 Arbitroweb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter.
CVE-2006-1343 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, and possibly net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c in 2.6, does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the getsockopt function with SO_ORIGINAL_DST, which allows local users to obtain portions of potentially sensitive memory.