Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2003-1075 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
CVE-2005-0015 1 Crosswire Bible Society 1 Sword 2026-04-16 N/A
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2006-1003 1 Netgear 1 Wgt624 2026-04-16 N/A
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
CVE-2005-0019 1 Yongguang Zhang 1 Hztty 2026-04-16 N/A
Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands.
CVE-2006-3366 1 V3 Chat 1 V3 Chat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".
CVE-2006-3367 1 Mp3netbox 1 Mp3netbox 2026-04-16 N/A
Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2005-3896 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
CVE-2005-3545 1 Ibproarcade 1 Ibproarcade 2026-04-16 N/A
SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
CVE-2006-3371 1 Eupla 1 Foros 2026-04-16 N/A
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration.
CVE-2006-1013 1 Smartblog 1 Smartblog 2026-04-16 N/A
PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter.
CVE-2006-3373 1 Hobbit Monitor 1 Hobbit Monitor 2026-04-16 N/A
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root.
CVE-2005-3911 1 Bosdev 1 Bosdates 2026-04-16 N/A
Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters.
CVE-2006-1027 1 Joomla 1 Joomla 2026-04-16 N/A
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message.
CVE-2003-1132 1 Cisco 2 Content Services Switch 11000, Content Services Switch 11500 2026-04-16 N/A
The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, when prompted for a nonexistent AAAA record, responds with response code 3 (NXDOMAIN or "Name Error") instead of response code 0 ("No Error"), which allows remote attackers to cause a denial of service (inaccessible domain) by forcing other DNS servers to send and cache a request for a AAAA record to the vulnerable server.
CVE-2006-0658 1 Fckeditor 1 Fckeditor 2026-04-16 N/A
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVE-2002-0245 1 Lotus 1 Domino 2026-04-16 N/A
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.
CVE-2006-0660 1 Farsinews 1 Farsinews 2026-04-16 N/A
Multiple directory traversal vulnerabilities in FarsiNews 2.5 and earlier allows remote attackers to (1) read arbitrary files or trigger an error message path disclosure via ".." or invalid names in the archive parameter to index.php, or (2) include arbitrary files via the template parameter to show_archives.php.
CVE-2002-0248 1 Wliang 1 Wmtv 2026-04-16 N/A
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.
CVE-2006-0661 1 Scriptme 2 Sme Blog Host, Sme Gb Host 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 and SmE Blog Host allows remote attackers to inject arbitrary web script or HTML via the BBcode url tag.
CVE-2006-0662 1 Ibm 1 Lotus Domino Inotes Client 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client 6.5.4 allows remote attackers to inject arbitrary web script or HTML via email with attached html files, which are directly rendered in the browser.