Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-0877 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME. | ||||
| CVE-1999-0879 | 2 Bsdi, Caldera | 2 Bsd Os, Openlinux | 2026-04-16 | N/A |
| Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file. | ||||
| CVE-2000-0459 | 1 Imp | 1 Imp | 2026-04-16 | N/A |
| IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request. | ||||
| CVE-2006-2412 | 1 Raydium | 1 Raydium | 2026-04-16 | N/A |
| The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read). | ||||
| CVE-2006-2431 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the 500 Internal Server Error page on the SOAP port (8880/tcp) in IBM WebSphere Application Server 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 up to 6.0.2.7, allows remote attackers to inject arbitrary web script or HTML via the URI, which is contained in a FAULTACTOR element on this page. NOTE: some sources have reported the element as "faultfactor," but this is likely erroneous. | ||||
| CVE-2006-2453 | 2 Dia, Redhat | 2 Dia, Enterprise Linux | 2026-04-16 | N/A |
| Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. | ||||
| CVE-2006-2478 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. | ||||
| CVE-2006-2481 | 1 Vmware | 1 Esx | 2026-04-16 | N/A |
| VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619). | ||||
| CVE-2006-2497 | 1 Aspbb | 1 Aspbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. | ||||
| CVE-2006-2498 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. | ||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2026-04-16 | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | ||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | ||||
| CVE-2006-2546 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| A recommended admin password reset mechanism for BEA WebLogic Server 8.1, when followed before October 10, 2005, causes the administrator password to be stored in cleartext in the domain directory, which could allow attackers to gain privileges. | ||||
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | ||||
| CVE-2006-2563 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. | ||||
| CVE-2006-2571 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action. | ||||
| CVE-2006-2579 | 1 Hp | 1 Openview Storage Data Protector | 2026-04-16 | N/A |
| Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 and 5.5 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-2584 | 1 Skyebox | 1 Skyebox | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in SkyeBox 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) message parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it was likely prompted by a vague announcement from a researcher who incorrectly referred to the product as "SkyeShoutbox." | ||||
| CVE-2006-2632 | 1 Andrew Godwin | 1 Bytehoard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. | ||||
| CVE-2006-2640 | 1 Omegasoft | 1 Interneserviceslosungen | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) allows remote attackers to inject arbitrary web script or HTML via the WCE parameter. | ||||