Export limit exceeded: 350440 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350440 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3283 | 1 Datetopia | 1 Dating Agent Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the (1) pid parameter in picture.php, (2) mid parameter in mem.php, and the (3) sex and (4) relationship parameters in search.php. | ||||
| CVE-1999-1016 | 2 Microsoft, Qualcomm | 4 Frontpage, Internet Explorer, Outlook Express and 1 more | 2026-04-16 | N/A |
| Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell. | ||||
| CVE-2006-3285 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| The internal database in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data (aka bugs CSCsd15955). | ||||
| CVE-2006-3287 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and earlier uses a default administrator username "root" and password "public," which allows remote attackers to gain access (aka bug CSCse21391). | ||||
| CVE-2000-0128 | 1 Daniel Beckham | 1 The Finger Server | 2026-04-16 | N/A |
| The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters. | ||||
| CVE-2006-3289 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the login page of the HTTP interface for the Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving a "malicious URL". | ||||
| CVE-2006-3290 | 1 Cisco | 1 Wireless Control System | 2026-04-16 | N/A |
| HTTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames and directory paths via a direct URL request. | ||||
| CVE-2006-3291 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on the Cisco Wireless Access Point and Wireless Bridge, reconfigures itself when it is changed to use the "Local User List Only (Individual Passwords)" setting, which removes all security and password configurations and allows remote attackers to access the system. | ||||
| CVE-2006-3292 | 1 Jaws | 1 Jaws | 2026-04-16 | N/A |
| SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). | ||||
| CVE-2006-3293 | 1 Proton | 1 Energymech Irc Bot | 2026-04-16 | N/A |
| parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote attackers to cause a denial of service (crash) via empty IRC CTCP NOTICE messages. | ||||
| CVE-1999-1017 | 1 Seattle Lab Software | 1 Emurl | 2026-04-16 | N/A |
| Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to execute when the recipient opens the message. | ||||
| CVE-2006-3294 | 1 Cbsms | 1 Mambo Module | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms_messages.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | ||||
| CVE-2006-3297 | 1 Uebimiau | 1 Uebimiau | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.php in UebiMiau Webmail 2.7.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the icq parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-1999-1018 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets. | ||||
| CVE-2006-3302 | 1 Cbsms | 1 Mambo Module | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-1999-1019 | 1 Cabletron | 1 Spectrum Enterprise Manager | 2026-04-16 | N/A |
| SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise. | ||||
| CVE-2006-3306 | 1 Zoid Technologies | 1 Project Eros Bbsengine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the preparestring function in lib/common.php in Project EROS bbsengine before 20060501-0142-jam, and possibly earlier versions dating back to 2006-02-23, might allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-1999-1020 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE. | ||||
| CVE-1999-1023 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired. | ||||
| CVE-1999-1025 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| CDE screen lock program (screenlock) on Solaris 2.6 does not properly lock an unprivileged user's console session when the host is an NIS+ client, which allows others with physical access to login with any string. | ||||