Search Results (363423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4361 1 Dieselscripts 1 Diesel Job Site 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.
CVE-2006-4347 1 Jiran 2 Cool Manager, Cool Messenger Office School Server 2026-04-16 N/A
SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2005-4718 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
CVE-2004-2008 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter.
CVE-1999-0490 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn information about a local user's files via an IMG SRC tag.
CVE-2006-4346 1 Digium 1 Asterisk 2026-04-16 N/A
Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable.
CVE-2004-2007 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
CVE-2006-4360 1 Drupal 1 Drupal E-commerce Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal before file.module 1.37.2.4 (20060812) allows remote authenticated users with the "create products" permission to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-4345 1 Digium 1 Asterisk 2026-04-16 N/A
Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response.
CVE-2004-2004 1 Suse 1 Suse Linux 2026-04-16 N/A
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
CVE-1999-0487 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
CVE-2006-4359 1 Trident Software 1 Powerzip 2026-04-16 N/A
Stack-based buffer overflow in Trident Software PowerZip 7.06 Build 3895 on Windows 2000 allows remote attackers to execute arbitrary code via a ZIP archive containing a long filename.
CVE-2006-4344 1 Cgi-rescue 1 Mail F W System 2026-04-16 N/A
CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) before 8.3 allows remote attackers to spoof e-mails and inject e-mail headers via unspecified vectors in (1) mail.cgi and (2) query.cgi.
CVE-2004-2002 1 Sgi 1 Irix 2026-04-16 N/A
Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet.
CVE-1999-0485 1 Openbsd 1 Openbsd 2026-04-16 N/A
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
CVE-2005-4712 1 Php Handicapper 1 Php Handicapper 2026-04-16 N/A
CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well.
CVE-2005-1900 1 Sawmill 1 Sawmill 2026-04-16 N/A
Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license.
CVE-2004-2001 1 Sgi 1 Irix 2026-04-16 N/A
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
CVE-2004-1986 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
CVE-1999-1257 1 Xyplex 1 Maxserver Xyplex Terminal Server 2026-04-16 N/A
Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).