Search Results (366657 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2975 1 Pbl Guestbook 1 Pbl Guestbook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in pblguestbook.php in PBL Guestbook 1.31 allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of IMG tags in the (1) name, (2) email, and (3) website parameter, which bypasses XSS protection mechanisms that check for SCRIPT tags but not IMG. NOTE: portions of this description's details are obtained from third party information.
CVE-2006-2980 1 Viart Ltd 1 Viart Shop Free 2026-04-16 N/A
SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, might allow remote attackers to execute arbitrary SQL commands via unknown vectors, probably involving the forum_id parameter.
CVE-2006-2981 1 Arantius 1 Vice Stats 2026-04-16 N/A
SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972.
CVE-2000-0264 1 Panda 1 Panda Security 2026-04-16 N/A
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
CVE-2004-2379 1 Calacode 1 At Mail Webmail System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
CVE-2005-2012 1 Php Arena 1 Pafaq 2026-04-16 N/A
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters.
CVE-2006-3299 1 Metalheadws 1 Usenet 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
CVE-1999-0209 1 Sun 1 Sunos 2026-04-16 N/A
The SunView (SunTools) selection_svc facility allows remote users to read files.
CVE-1999-0219 1 Cat Soft 1 Serv-u 2026-04-16 N/A
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
CVE-1999-0232 1 Ncsa Httpd Project 1 Ncsa Httpd 2026-04-16 N/A
Buffer overflow in NCSA WebServer (version 1.5c) gives remote access.
CVE-1999-0240 2026-04-16 N/A
Some filters or firewalls allow fragmented SYN packets with IP reserved bits in violation of their implemented policy.
CVE-1999-0250 1 Dan Bernstein 1 Qmail 2026-04-16 N/A
Denial of service in Qmail through long SMTP commands.
CVE-1999-0253 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 3.0 with the iis-fix hotfix installed allows remote intruders to read source code for ASP programs by using a %2e instead of a . (dot) in the URL.
CVE-1999-0280 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Remote command execution in Microsoft Internet Explorer using .lnk and .url files.
CVE-1999-0439 2 Caldera, Procmail 2 Openlinux, Procmail 2026-04-16 N/A
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.
CVE-1999-0440 2 Netscape, Sun 3 Communicator, Navigator, Java 2026-04-16 N/A
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
CVE-1999-0449 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
CVE-1999-0461 2 Linux, Sgi 2 Linux Kernel, Irix 2026-04-16 N/A
Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.
CVE-1999-0470 1 Novell 1 Netware 2026-04-16 N/A
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
CVE-1999-0471 1 Winroute 1 Winroute 2026-04-16 N/A
The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.