Export limit exceeded: 366010 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366010 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4832 | 1 Verso Netperformer | 1 Frame Relay Access Device Act | 2026-04-16 | N/A |
| Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username. | ||||
| CVE-2006-4837 | 1 Codeworx Technologies | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | ||||
| CVE-2006-4857 | 1 Clicktech | 1 Clickblog | 2026-04-16 | N/A |
| SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. | ||||
| CVE-2006-4879 | 1 David Bennett | 1 Php-post | 2026-04-16 | N/A |
| SQL injection vulnerability in profile.php in David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | ||||
| CVE-2006-4911 | 1 Cisco | 1 Ips Sensor Software | 2026-04-16 | N/A |
| Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets". | ||||
| CVE-2006-4943 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| course/jumpto.php in Moodle before 1.6.2 does not validate the session key (sesskey) before providing content from arbitrary local URIs, which allows remote attackers to obtain sensitive information via the jump parameter. | ||||
| CVE-2006-4951 | 1 Neosys | 1 Neon Webmail | 2026-04-16 | N/A |
| Neon WebMail for Java before 5.08 allows remote attackers to execute arbitrary Java (JSP) code by sending an e-mail message with a JSP file attachment, which is stored under the web root with a predictable filename. | ||||
| CVE-2006-4975 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| Yahoo! Messenger for WAP permits saving messages that contain JavaScript, which allows user-assisted remote attackers to inject arbitrary web script or HTML via a URL at the online service. | ||||
| CVE-2006-4982 | 1 Cisco | 1 Network Access Control | 2026-04-16 | N/A |
| Cisco NAC maintains an exception list that does not record device properties other than MAC address, which allows physically proximate attackers to bypass control methods and join a local network by spoofing the MAC address of a different type of device, as demonstrated by using the MAC address of a disconnected printer. | ||||
| CVE-2006-5000 | 2 Ipswitch, Progress | 2 Ws Ftp Server, Ws Ftp Server | 2026-04-16 | N/A |
| Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and possibly other versions down to 5.0, have unknown impact and remote authenticated attack vectors via the (1) XCRC, (2) XMD5, and (3) XSHA1 commands. NOTE: in the early publication of this identifier on 20060926, the description was used for the wrong issue. | ||||
| CVE-1999-0032 | 5 Bsdi, Freebsd, Next and 2 more | 5 Bsd Os, Freebsd, Nextstep and 2 more | 2026-04-16 | N/A |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. | ||||
| CVE-1999-0077 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Predictable TCP sequence numbers allow spoofing. | ||||
| CVE-1999-1194 | 1 Digital | 1 Ultrix | 2026-04-16 | N/A |
| chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges. | ||||
| CVE-1999-1198 | 1 Next | 1 Next | 2026-04-16 | N/A |
| BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges. | ||||
| CVE-1999-1384 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program. | ||||
| CVE-2004-0302 | 1 Fools Workshop | 1 Owls Workshop | 2026-04-16 | N/A |
| Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php. | ||||
| CVE-2004-2670 | 1 Endonesia | 1 Endonesia | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module. | ||||
| CVE-2006-0019 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | ||||
| CVE-2006-0045 | 1 Linley Henzell | 1 Dungeon Crawl | 2026-04-16 | N/A |
| crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | ||||
| CVE-2006-0325 | 1 Etomite | 1 Etomite | 2026-04-16 | N/A |
| Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | ||||