Export limit exceeded: 360673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 360673 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360673 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1659 | 1 Iatek | 1 Portalapp | 2026-04-16 | N/A |
| user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. | ||||
| CVE-2006-4590 | 1 Jetstat.com | 1 Js Asp Faq Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2002-0457 | 1 Bg Guestbook | 1 Bg Guestbook | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message. | ||||
| CVE-2002-1356 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2026-04-16 | N/A |
| Ethereal 0.9.7 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly related to a missing field for EndVerifyAck messages. | ||||
| CVE-2002-0465 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a .. (dot dot) in the OpenPath parameter. | ||||
| CVE-2006-4606 | 1 Longino | 1 Jacome Php-revista | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php. | ||||
| CVE-2002-0468 | 2 Ecartis, Listar | 2 Ecartis, Listar | 2026-04-16 | N/A |
| Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files. | ||||
| CVE-2006-4609 | 1 Phpprojekt | 1 Phpprojekt | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre parameter in (1) cm_lib.inc.php, (2) doc/br.edithelp.php, (3) doc/de.edithelp.php, (4) doc/ct.edithelp.php, (5) userrating.php, and (6) listing.php, a different set of vectors than CVE-2006-4204. NOTE: a third-party researcher has disputed the impact of the cm_lib.inc.php vector, stating that it is limited to local file inclusion. CVE analysis as of 20060905 concurs, although use of ftp URLs is also possible. The remaining five vectors have also been disputed by the same third party, stating that the path_pre variable is initialized before it is used | ||||
| CVE-2006-4611 | 1 Dsocks | 1 Dsocks | 2026-04-16 | N/A |
| Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name. | ||||
| CVE-2006-4621 | 1 Bare Concept Media | 1 Pheap Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The lib/config.php vector is already covered by CVE-2006-4531. | ||||
| CVE-2006-4622 | 1 Comscripts | 1 Annoncev | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-4635 | 1 Squiz | 1 Mysource Classic | 2026-04-16 | N/A |
| Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related to the Equation attribute in Web_Extensions - Notitia (I/II). NOTE: due to lack of details, it is not clear whether this issue is file inclusion, static code injection, or another type of issue. | ||||
| CVE-2006-4637 | 1 Acgv News | 1 Acgv News | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 allow remote attackers to execute arbitrary PHP code via a URL in the PathNews parameter in (1) header.php or (2) news.php. NOTE: portions of these details are obtained from third party information. | ||||
| CVE-2006-4645 | 1 Akarru | 1 Social Bookmarking Engine | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in akarru.gui/main_content.php in Akarru Social BookMarking Engine 0.4.3.34 and earlier, and possibly 0.4.4.120, allows remote attackers to execute arbitrary PHP code via a URL in the bm_content parameter. | ||||
| CVE-2002-0475 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message. | ||||
| CVE-2006-4650 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the RFC2784 compliance fixes are missing, does not verify the offset field of a GRE packet during decapsulation, which leads to an integer overflow that references data from incorrect memory locations, which allows remote attackers to inject crafted packets into the routing queue, possibly bypassing intended router ACLs. | ||||
| CVE-2002-0479 | 1 Gravity Storm Software | 1 Service Pack Manager 2000 | 2026-04-16 | N/A |
| Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share. | ||||
| CVE-2002-1469 | 1 Scponly | 1 Scponly | 2026-04-16 | N/A |
| scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs. | ||||
| CVE-2002-0481 | 1 Microsoft | 1 Outlook | 2026-04-16 | N/A |
| An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function. | ||||
| CVE-2006-4661 | 1 Icq Inc | 1 Icq Toolbar | 2026-04-16 | N/A |
| AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not properly validate the origin of the configuration web page (options2.html), which allows user-assisted remote attackers to provide a web page that contains disguised checkboxes that trick the user into reconfiguring the toolbar. | ||||