Export limit exceeded: 363134 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363134 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2926 | 1 Qbik | 1 Wingate | 2026-04-16 | N/A |
| Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request. | ||||
| CVE-2000-1088 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-2006-2758 | 1 Jetty | 1 Jetty | 2026-04-16 | 5.3 Medium |
| Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747. | ||||
| CVE-2006-2752 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux Desktop 9 and SUSE SLES 9 has world-readable permissions, which allows attackers to obtain the rc (RedCarpet) password. | ||||
| CVE-2006-2751 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary web scripts or HTML via the item_list parameter in search.php. | ||||
| CVE-2006-2750 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary web scripts or HTML via failed SQL queries, which is reflected in an error message. | ||||
| CVE-2006-1730 | 2 Mozilla, Redhat | 5 Firefox, Mozilla Suite, Seamonkey and 2 more | 2026-04-16 | N/A |
| Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. | ||||
| CVE-2006-2749 | 1 Open Searchable Image Catalogue | 1 Open Searchable Image Catalogue | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in Open Searchable Image Catalogue (OSIC) 0.7.0.1 and earlier allows remote attackers to inject arbitrary SQL commands via the (1) txtCustomField and (2) CustomFieldID array parameters. | ||||
| CVE-2006-2725 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-2727 | 1 Epic Designs | 1 Eggblog | 2026-04-16 | N/A |
| home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter. | ||||
| CVE-2006-2728 | 1 Jan Chmelik | 1 Photoalbum Bandw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter. | ||||
| CVE-2006-2771 | 1 Hogstorps | 1 Hogstorp Guestbook | 2026-04-16 | N/A |
| admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter. | ||||
| CVE-2002-0512 | 1 Caldera | 2 Openlinux Server, Openlinux Workstation | 2026-04-16 | N/A |
| startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries. | ||||
| CVE-2006-2737 | 1 Nukedit | 1 Nukedit | 2026-04-16 | N/A |
| utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action. | ||||
| CVE-2006-2721 | 1 Variomat | 1 Variomat | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT allows remote attackers to inject arbitrary HTML or web script via the subcat parameter. NOTE: this issue might be resultant from SQL injection. | ||||
| CVE-2006-2720 | 1 Variomat | 1 Variomat | 2026-04-16 | N/A |
| SQL injection vulnerability in news.php in VARIOMAT allows remote attackers to execute arbitrary SQL commands via the subcat parameter. | ||||
| CVE-2000-1074 | 1 Netscape | 1 Iplanet Ical | 2026-04-16 | N/A |
| csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. | ||||
| CVE-2006-2703 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| The RedCarpet command-line client (rug) does not verify SSL certificates from a server, which allows remote attackers to read network traffic and execute commands via a man-in-the-middle (MITM) attack. | ||||
| CVE-2006-2687 | 1 Agtc Websolutions | 1 Php-agtc Membership System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter). | ||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | ||||