Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2743 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with mod_mime, does not properly handle files with multiple extensions, which allows remote attackers to upload, modify, or execute arbitrary files in the files directory.
CVE-2006-2744 1 Facile Interactive Web 1 Facile Interactive Web 2026-04-16 N/A
PHP remote file inclusion vulnerability in p-popupgallery.php in F@cile Interactive Web 0.8.41 through 0.8.5 allows remote attackers to execute arbitrary PHP code via a URL in the l parameter.
CVE-2006-2746 1 Facile Interactive Web 1 Facile Interactive Web 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in F@cile Interactive Web 0.8.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in index.php, and the (2) mytheme and (3) myskin parameters in multiple "p-themes" index.inc.php files including (c) lowgraphic, (d) classic, (e) puzzle, (f) simple, and (g) ciao. NOTE: vectors 2 and 3 might be resultant from file inclusion issues.
CVE-2006-2747 1 Fredi Bach 1 Phpmydesktop Arcade 2026-04-16 N/A
Directory traversal vulnerability in index.php in PhpMyDesktop|arcade 1.0 FINAL allows remote attackers to read arbitrary files or execute PHP code via a .. (dot dot) sequence and trailing null (%00) byte in the subsite parameter in a showsubsite todo.
CVE-2006-2748 1 Open Searchable Image Catalogue 1 Open Searchable Image Catalogue 2026-04-16 N/A
SQL injection vulnerability in the do_mysql_query function in core.php for Open Searchable Image Catalogue (OSIC) before 0.7.0.1 allows remote attackers to inject arbitrary SQL commands via multiple vectors, as demonstrated by the (1) type parameter in adminfunctions.php and the (2) catalogue_id parameter in editcatalogue.php.
CVE-2006-2753 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
CVE-2006-2957 1 Skoom 1 I.list 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-3412 1 Tor 1 Tor 2026-04-16 N/A
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
CVE-2006-1276 1 Himpfen Consulting 1 Php Simplenews 2026-04-16 N/A
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie.
CVE-2002-1940 1 Jacob Navia 1 Lcc-win32 2026-04-16 N/A
LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes portions of previously used memory after the import table, which could allow attackers to gain sensitive information. NOTE: it has been reported that this problem is due to the OS and not the application.
CVE-2005-0421 1 Delphiturk 1 Delphiturk Ftp 2026-04-16 N/A
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
CVE-2005-2334 1 Y.sak 1 Y.sak 2026-04-16 N/A
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi.
CVE-2002-1005 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop.
CVE-2005-2336 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
CVE-2006-0977 1 Craig Morrison 1 Mts Pro 2026-04-16 N/A
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.
CVE-2002-1011 1 Ibm 1 Tivoli Management Framework 2026-04-16 N/A
Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
CVE-2002-1018 1 Adobe 1 Adobe Content Server 2026-04-16 N/A
The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking out the same book multiple times.
CVE-2002-1059 1 Van Dyke Technologies 1 Securecrt 2026-04-16 N/A
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
CVE-2002-1118 1 Oracle 2 Oracle8i, Oracle9i 2026-04-16 N/A
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
CVE-2005-3535 1 Ketm 1 Ketm 2026-04-16 N/A
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.