Export limit exceeded: 366010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366010 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4832 1 Verso Netperformer 1 Frame Relay Access Device Act 2026-04-16 N/A
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
CVE-2006-4837 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2006-4857 1 Clicktech 1 Clickblog 2026-04-16 N/A
SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters.
CVE-2006-4879 1 David Bennett 1 Php-post 2026-04-16 N/A
SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2006-4911 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
CVE-2006-4943 1 Moodle 1 Moodle 2026-04-16 N/A
course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter.
CVE-2006-4951 1 Neosys 1 Neon Webmail 2026-04-16 N/A
Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename.
CVE-2006-4975 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service.
CVE-2006-4982 1 Cisco 1 Network Access Control 2026-04-16 N/A
Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer.
CVE-2006-5000 2 Ipswitch, Progress 2 Ws Ftp Server, Ws Ftp Server 2026-04-16 N/A
Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue.
CVE-1999-0032 5 Bsdi, Freebsd, Next and 2 more 5 Bsd Os, Freebsd, Nextstep and 2 more 2026-04-16 N/A
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
CVE-1999-0077 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Predictable TCP sequence numbers allow spoofing.
CVE-1999-1194 1 Digital 1 Ultrix 2026-04-16 N/A
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
CVE-1999-1198 1 Next 1 Next 2026-04-16 N/A
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
CVE-1999-1384 1 Sgi 1 Irix 2026-04-16 N/A
Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.
CVE-2004-0302 1 Fools Workshop 1 Owls Workshop 2026-04-16 N/A
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
CVE-2004-2670 1 Endonesia 1 Endonesia 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
CVE-2006-0019 2 Kde, Redhat 2 Kde, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI.
CVE-2006-0045 1 Linley Henzell 1 Dungeon Crawl 2026-04-16 N/A
crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges.
CVE-2006-0325 1 Etomite 1 Etomite 2026-04-16 N/A
Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter.