Export limit exceeded: 359894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1899 | 1 Icewarp | 1 Web Mail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and 3.4.5 allows remote attackers to inject arbitrary web script or HTML via the "Full Name" (addressname) parameter. | ||||
| CVE-2002-1908 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters. | ||||
| CVE-2006-1148 | 1 Peercast | 1 Peercast | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp. | ||||
| CVE-2006-1150 | 1 Teg | 1 Tenes Empanadas Graciela | 2026-04-16 | N/A |
| Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | ||||
| CVE-2006-1153 | 1 D2-shoutbox | 1 D2-shoutbox | 2026-04-16 | N/A |
| SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). | ||||
| CVE-2002-1926 | 1 Aquonics Scripting | 1 Aquonics File Manager | 2026-04-16 | N/A |
| Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. | ||||
| CVE-2006-1154 | 1 Fscripts | 1 Fantastic News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable. | ||||
| CVE-2006-1155 | 1 Manas Tungare | 1 Site Membership Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp. | ||||
| CVE-2002-1944 | 1 Motorola | 1 Surfboard | 2026-04-16 | N/A |
| Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap. | ||||
| CVE-2006-4938 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | ||||
| CVE-2006-1157 | 1 Adp | 1 Adp Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php. | ||||
| CVE-2006-1162 | 1 Nodez | 1 Nodez | 2026-04-16 | N/A |
| Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows remote attackers to read or include arbitrary PHP files via a .. (dot dot) in the op parameter, as demonstrated by inserting malicious Email parameters into list.gtdat, then accessing list.gtdat using the op parameter. | ||||
| CVE-2002-1960 | 1 Cybozu | 1 Share360 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows remote attackers to inject arbitrary web script or HTML via an HTML link. | ||||
| CVE-2002-2016 | 1 User-mode Linux | 1 User-mode Linux | 2026-04-16 | N/A |
| User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel address space, which allows local users to execute arbitrary code. | ||||
| CVE-2006-1164 | 1 Nodez | 1 Nodez | 2026-04-16 | N/A |
| Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. | ||||
| CVE-2006-4949 | 1 Drupal | 1 Site Profile Directory Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. | ||||
| CVE-2006-1174 | 2 Debian, Redhat | 2 Shadow, Enterprise Linux | 2026-04-16 | N/A |
| useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox. | ||||
| CVE-2002-1980 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2002-1981 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings. | ||||
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | ||||