Search Results (366042 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4087 1 Mojoscripts 1 Mojogallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin.cgi in mojoscripts.com mojoGallery allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-4088 1 Civicspace 1 Civicspace 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace 0.8.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject, (2) Comment, and (3) Add new comment sections.
CVE-2006-4089 1 Andy Lo-a-foe 1 Alsaplayer 2026-04-16 N/A
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2006-4090 1 Webligo 1 Bloghoster 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 allows remote attackers to inject arbitrary web script or HTML via the "From: part of the comment post," probably involving the nickname parameter to previewcomment.php.
CVE-2006-4092 1 Simpliciti 1 Locked Browser 2026-04-16 N/A
Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
CVE-1999-0448 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE-2001-1509 1 Hp 1 Hp-ux 2026-04-16 N/A
geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.
CVE-2001-1527 1 Easyscripts 1 Easynews 2026-04-16 N/A
easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.
CVE-2002-2006 1 Apache 1 Tomcat 2026-04-16 N/A
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.
CVE-2002-2012 1 Apache 1 Http Server 2026-04-16 N/A
Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Linux 1.0 allows remote attackers to cause "unexpected results" via an HTTP request.
CVE-2002-2017 1 Sas 2 Base, Integration Technologies 2026-04-16 N/A
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd.
CVE-2002-2038 1 Bill Abt 1 Next Generation Posix Threading 2026-04-16 N/A
Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based shared memory entry, which allows local users to cause a denial of service or in threaded processes or spoof files via unknown methods.
CVE-2003-1408 1 Lotus 1 Domino Server 2026-04-16 N/A
Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the source code for files via an HTTP request with a filename with a trailing dot.
CVE-2003-1424 1 Petitforum 1 Petitforum 2026-04-16 N/A
message.php in Petitforum does not properly authenticate users, which allows remote attackers to impersonate forum users via a modified connect cookie.
CVE-2003-1427 1 Netgear 1 Fm114p 2026-04-16 N/A
Directory traversal vulnerability in the web configuration interface in Netgear FM114P 1.4 allows remote attackers to read arbitrary files, such as the netgear.cfg configuration file, via a hex-encoded (%2e%2e%2f) ../ (dot dot slash) in the port parameter.
CVE-2005-2974 2 Libungif, Redhat 2 Libungif, Enterprise Linux 2026-04-16 N/A
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
CVE-2006-2632 1 Andrew Godwin 1 Bytehoard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions.
CVE-2006-2636 1 Katy Whitton 1 Newscmslite 2026-04-16 N/A
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ".
CVE-2006-2638 1 Qjstudios 1 Qjforum 2026-04-16 N/A
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.
CVE-2006-2637 1 Tuttophp 3 Morris Guestbook, Pretty Guestbook, Smile Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter.