Export limit exceeded: 345280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345280 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345280 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3040 | 1 Amr Talkbox | 1 Amr Talkbox | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in talkbox.php in Amr Talkbox allows remote attackers to execute arbitrary PHP code via a URL in the direct parameter. NOTE: this issue has been disputed by CVE, since the $direct variable is set to a static value just before the include statement | ||||
| CVE-1999-0982 | 1 Sun | 2 Solaris, Web-based Enterprise Management | 2026-04-16 | N/A |
| The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. | ||||
| CVE-2000-0081 | 1 Microsoft | 1 Hotmail | 2026-04-16 | N/A |
| Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. | ||||
| CVE-2000-0298 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories. | ||||
| CVE-2006-3041 | 1 Codewalkers | 1 Ltwcalendar | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Ltwcalendar/calendar.php in Codewalkers Ltwcalendar 4.1.3 allows remote attackers to execute arbitrary PHP code via a URL in the ltw_config[include_dir] parameter. NOTE: CVE disputes this claim, since the $ltw_config[include_dir] variable is defined as a static value in an include file before it is referenced in an include() statement | ||||
| CVE-1999-0983 | 1 Internic | 1 Whois Lookup | 2026-04-16 | N/A |
| Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. | ||||
| CVE-2006-3042 | 1 Ispconfig | 1 Ispconfig | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in ISPConfig 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the (1) go_info[isp][classes_root] parameter in (a) server.inc.php, and the (2) go_info[server][classes_root] parameter in (b) app.inc.php, (c) login.php, and (d) trylogin.php. NOTE: this issue has been disputed by the vendor, who states that the original researcher "reviewed the installation tarball that is not identical with the resulting system after installtion. The file, where the $go_info array is declared ... is created by the installer. | ||||
| CVE-2006-3043 | 1 Cfxe-cms | 1 Cfxe-cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter. | ||||
| CVE-2006-3044 | 1 Logisphere | 1 Logisphere | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected in an error page. | ||||
| CVE-1999-0984 | 1 Matts Whois | 1 Matts Whois | 2026-04-16 | N/A |
| Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. | ||||
| CVE-2000-0090 | 1 Vmware | 1 Workstation | 2026-04-16 | N/A |
| VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack. | ||||
| CVE-1999-0985 | 1 Cc | 1 Cc Whois | 2026-04-16 | N/A |
| CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry. | ||||
| CVE-2006-3049 | 1 Mole Group Ticket Booking Script | 1 Mole Group Ticket Booking Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php. | ||||
| CVE-2000-0091 | 1 Inter7 | 1 Vpopmail | 2026-04-16 | N/A |
| Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password. | ||||
| CVE-2006-3057 | 1 Gnome | 1 Dhcdbd | 2026-04-16 | N/A |
| Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption. | ||||
| CVE-2006-3061 | 1 Review-script.com | 1 Five Star Review Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review allow remote attackers to inject arbitrary web script or HTML via the (1) sort parameter in index2.php, (2) item_id parameter in report.php, (3) search_term parameter (aka the "search box") in search_reviews.php, (4) the profile field in usercp/profile_edit1.php, and the (5) review field in review_form.php. | ||||
| CVE-1999-0986 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Linux | 2026-04-16 | N/A |
| The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option. | ||||
| CVE-2000-0100 | 1 Microsoft | 1 Systems Management Server | 2026-04-16 | N/A |
| The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. | ||||
| CVE-2005-2253 | 1 Gianluca Baldo | 1 Phpauction | 2026-04-16 | N/A |
| SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the PhpAuction product, so it is not included in this description. | ||||
| CVE-2005-2254 | 1 Gianluca Baldo | 1 Phpauction | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description. | ||||