Export limit exceeded: 29918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2026-04-16 | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | ||||
| CVE-2006-4947 | 1 Drupal | 1 Search Keyword Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search Keywords module before 1.15 2006/09/15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output." | ||||
| CVE-1999-0260 | 1 Renaud Deraison | 1 Jj | 2026-04-16 | N/A |
| The jj CGI program allows command execution via shell metacharacters. | ||||
| CVE-1999-0510 | 2026-04-16 | N/A | ||
| A router or firewall allows source routed packets from arbitrary hosts. | ||||
| CVE-2005-3520 | 1 Mysource | 1 Mysource | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. | ||||
| CVE-2006-4948 | 1 Prosysinfo | 1 Tftp Server Tftpdwin | 2026-04-16 | N/A |
| Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-1999-0277 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| The WorkMan program can be used to overwrite any file to get root access. | ||||
| CVE-1999-0270 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files. | ||||
| CVE-1999-0276 | 1 Hughes | 1 Msql | 2026-04-16 | N/A |
| mSQL v2.0.1 and below allows remote execution through a buffer overflow. | ||||
| CVE-1999-0278 | 1 Microsoft | 2 Internet Information Server, Windows Nt | 2026-04-16 | N/A |
| In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL. | ||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2026-04-16 | N/A |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. | ||||
| CVE-2006-4949 | 1 Drupal | 1 Site Profile Directory Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site Profile Directory (profile_pages.module) before 1.1.2.1 and the Drupal 4.7 Site Profile Directory (profile_pages.module) before 1.2.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "lack of validation on output," possibly in the name and title parameters. | ||||
| CVE-1999-0290 | 1 Qbik | 1 Wingate | 2026-04-16 | N/A |
| The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost. | ||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2026-04-16 | N/A |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | ||||
| CVE-2006-4950 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, IAD2431, and IAD2432 Integrated Access Devices, the VG224 Analog Phone Gateway, and the MWR 1900 and 1941 Mobile Wireless Edge Routers, is incorrectly identified as supporting DOCSIS, which allows remote attackers to gain read-write access via a hard-coded cable-docsis community string and read or modify arbitrary SNMP variables. | ||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2026-04-16 | N/A |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | ||||
| CVE-2006-4952 | 1 Neosys | 1 Neon Webmail | 2026-04-16 | N/A |
| The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter. | ||||
| CVE-2005-3527 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP. | ||||
| CVE-2006-4953 | 1 Neosys | 1 Neon Webmail | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet. | ||||