Export limit exceeded: 362495 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362495 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1454 1 Oracle 1 Mysql 2026-04-16 N/A
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
CVE-2000-0840 1 Davide Libenzi 1 Xmail 2026-04-16 N/A
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long USER command.
CVE-2000-0701 3 Conectiva, Gnu, Redhat 3 Linux, Mailman, Linux 2026-04-16 N/A
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVE-2000-0625 1 Netzero 1 Zeroport 2026-04-16 N/A
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
CVE-2006-4978 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the univers parameter in score.php and (2) the quiz_id parameter in home.php, accessed through the front/ URI.
CVE-2006-4977 1 Walter Beschmout 1 Phpquiz 2026-04-16 N/A
Multiple unrestricted file upload vulnerabilities in (1) back/upload_img.php and (2) admin/upload_img.php in Walter Beschmout PhpQuiz 1.2 and earlier allow remote attackers to upload arbitrary PHP code to the phpquiz/img_quiz folder via the (a) upload, (b) ok_update, (c) image, and (d) path parameters, possibly requiring directory traversal sequences in the path parameter.
CVE-2006-4976 1 John Lim 1 Adodb Date Library 2026-04-16 N/A
The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2) adodb-errorpear.inc.php, (3) adodb-iterator.inc.php, (4) adodb-pear.inc.php, (5) adodb-perf.inc.php, (6) adodb-xmlschema.inc.php, and (7) adodb.inc.php; files in datadict including (8) datadict-access.inc.php, (9) datadict-db2.inc.php, (10) datadict-generic.inc.php, (11) datadict-ibase.inc.php, (12) datadict-informix.inc.php, (13) datadict-mssql.inc.php, (14) datadict-mysql.inc.php, (15) datadict-oci8.inc.php, (16) datadict-postgres.inc.php, and (17) datadict-sybase.inc.php; files in drivers/ including (18) adodb-access.inc.php, (19) adodb-ado.inc.php, (20) adodb-ado_access.inc.php, (21) adodb-ado_mssql.inc.php, (22) adodb-borland_ibase.inc.php, (23) adodb-csv.inc.php, (24) adodb-db2.inc.php, (25) adodb-fbsql.inc.php, (26) adodb-firebird.inc.php, (27) adodb-ibase.inc.php, (28) adodb-informix.inc.php, (29) adodb-informix72.inc.php, (30) adodb-mssql.inc.php, (31) adodb-mssqlpo.inc.php, (32) adodb-mysql.inc.php, (33) adodb-mysqli.inc.php, (34) adodb-mysqlt.inc.php, (35) adodb-oci8.inc.php, (36) adodb-oci805.inc.php, (37) adodb-oci8po.inc.php, (38) adodb-odbc.inc.php, (39) adodb-odbc_mssql.inc.php, (40) adodb-odbc_oracle.inc.php, (41) adodb-oracle.inc.php, (42) adodb-postgres64.inc.php, (43) adodb-postgres7.inc.php, (44) adodb-proxy.inc.php, (45) adodb-sapdb.inc.php, (46) adodb-sqlanywhere.inc.php, (47) adodb-sqlite.inc.php, (48) adodb-sybase.inc.php, (49) adodb-vfp.inc.php; file in perf/ including (50) perf-db2.inc.php, (51) perf-informix.inc.php, (52) perf-mssql.inc.php, (53) perf-mysql.inc.php, (54) perf-oci8.inc.php, (55) perf-postgres.inc.php; tests/ files (56) benchmark.php, (57) client.php, (58) test-datadict.php, (59) test-perf.php, (60) test-pgblob.php, (61) test-php5.php, (62) test-xmlschema.php, (63) test.php, (64) test2.php, (65) test3.php, (66) test4.php, (67) test5.php, (68) test_rs_array.php, (69) testcache.php, (70) testdatabases.inc.php, (71) testgenid.php, (72) testmssql.php, (73) testoci8.php, (74) testoci8cursor.php, (75) testpaging.php, (76) testpear.php, (77) testsessions.php, (78) time.php, or (79) tmssql.php, which reveals the path in various error messages.
CVE-2006-4971 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive information via a direct request for inc/plugins/hello.php, which reveals the path in an error message.
CVE-2006-4970 1 Wahm E-commerce 1 Pie Cart Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in enc/content.php in WAHM E-Commerce Pie Cart Pro allows remote attackers to execute arbitrary PHP code via a URL in the Home_Path parameter.
CVE-2006-3678 1 3com 1 Tippingpoint Ips Tos 2026-04-16 N/A
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.
CVE-2006-2617 1 Alstrasoft 1 Webhost Directory 2026-04-16 N/A
(1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to obtain the installation path via an invalid entry in the Username field on the login page, which causes the path to be displayed in an SQL error. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2616 1 Alstrasoft 1 Webhost Directory 2026-04-16 N/A
SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.
CVE-2006-2615 1 Russcom Network 1 Russcom.ping 2026-04-16 N/A
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.
CVE-2006-2613 2 Mozilla, Netscape 3 Firefox, Mozilla Suite, Navigator 2026-04-16 N/A
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
CVE-2006-2611 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary Javascript via unspecified vectors, possibly involving the usage of the | (pipe) character.
CVE-2006-2609 1 Artmedic Webdesign 1 Artmedic Newsletter 2026-04-16 N/A
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-2608 1 Artmedic Webdesign 1 Artmedic Newsletter 2026-04-16 N/A
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
CVE-2006-2081 1 Oracle 1 Database Server 2026-04-16 N/A
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via the GET_DOMAIN_INDEX_METADATA function in the DBMS_EXPORT_EXTENSION package. NOTE: this issue was originally linked to DB05 (CVE-2006-1870), but a reliable third party has claimed that it is not the same issue. Based on details of the problem, the primary issue appears to be insecure privileges that facilitate the introduction of SQL in a way that is not related to special characters, so this is not "SQL injection" per se.
CVE-2006-0082 2 Imagemagick, Redhat 2 Imagemagick, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name, a variant of CVE-2005-0397, and as demonstrated using the convert program.
CVE-2006-0081 1 Intel 1 Graphics Accelerator Driver 2026-04-16 N/A
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a long window title.