Search Results (366290 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1418 1 Caloris Planitia Technologies 1 E-school Management System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-1427 1 Web-app.org 1 Webapp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real, (7) viewcat, (8) img, or (9) curcatname parameter in cgi-bin/index.cgi, or (10) vsSD parameter in /mods/calendar/index.cgi.
CVE-2006-1435 1 Accounting Receiving And Inventory Administration 1 Aria 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter).
CVE-2006-1438 1 Andy Grayndler 1 Andys Php Knowledgebase 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php.
CVE-2006-1451 1 Apple 1 Mac Os X 2026-04-16 N/A
MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a new MySQL database server, does not use the "New MySQL root password" that is provided, which causes the MySQL root password to be blank and allows local users to gain full privileges to that database.
CVE-2006-1475 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file.
CVE-2006-1479 1 Serge Rey 1 Gtd-php 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php.
CVE-2006-1480 1 Duda 1 Webalbum 2026-04-16 N/A
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
CVE-2006-1481 1 Php Ticket 1 Php Ticket 2026-04-16 N/A
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter.
CVE-2006-1482 1 Conftool 1 Conftool 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2006-1486 1 Fusionzone 1 Realestatezone 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.
CVE-2006-1487 1 Activecampaign 1 Supporttrio 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module.
CVE-2000-0783 1 Watchguard 1 Firebox 2026-04-16 N/A
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
CVE-2000-0784 1 Rapidstream 1 Rapidstream 2026-04-16 N/A
sshd program in the Rapidstream 2.1 Beta VPN appliance has a hard-coded "rsadmin" account with a null password, which allows remote attackers to execute arbitrary commands via ssh.
CVE-2002-0717 1 Php 1 Php 2026-04-16 N/A
PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP POST request with certain arguments in a multipart/form-data form, which generates an error condition that is not properly handled and causes improper memory to be freed.
CVE-2006-1493 1 Nikolay Avrionov 1 Explorer Xp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492.
CVE-2006-1494 2 Php, Redhat 3 Php, Enterprise Linux, Rhel Stronghold 2026-04-16 N/A
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
CVE-2000-0793 2 Novell, Symantec 2 Client, Norton Antivirus 2026-04-16 N/A
Norton AntiVirus 5.00.01C with the Novell Netware client does not properly restart the auto-protection service after the first user has logged off of the system.
CVE-2006-1502 1 Mplayer 1 Mplayer 2026-04-16 N/A
Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c.
CVE-2000-0803 1 Gnu 1 Groff 2026-04-16 N/A
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.