Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4086 1 Ozjournals 1 Ozjournals 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-1295 1 Include.cgi 1 Include.cgi 2026-04-16 N/A
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2006-0974 1 Battleaxe Software 1 Bttlxeforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe bttlxeForum 2.0 allows remote attackers to inject arbitrary web script or HTML via the err_txt parameter.
CVE-2006-4089 1 Andy Lo-a-foe 1 Alsaplayer 2026-04-16 N/A
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
CVE-2005-1296 1 Include.cgi 1 Include.cgi 2026-04-16 N/A
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2006-4091 1 Archangelmgt 1 Weblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Archangel Management Archangel Weblog 0.90.02 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Comment section.
CVE-2005-1297 1 Include.cgi 1 Include.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2006-0977 1 Craig Morrison 1 Mts Pro 2026-04-16 N/A
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.
CVE-2006-0984 1 Ej3 1 Topo 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.
CVE-2005-1298 1 Inserter.cgi 1 Inserter.cgi 2026-04-16 N/A
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2006-4092 1 Simpliciti 1 Locked Browser 2026-04-16 N/A
Simpliciti Locked Browser does not properly limit a user's actions to ones within the intended Internet Explorer environment, which allows local users to perform unauthorized actions by visiting a web site that executes a JavaScript window.blur loop to remove focus from the browser window, then pressing CTRL-SHIFT-ESC to invoke the Task Manager.
CVE-2005-1299 1 Inserter.cgi 1 Inserter.cgi 2026-04-16 N/A
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2006-0986 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. Other vectors might be covered by CVE-2005-1688. NOTE: if the typical installation of WordPress does not list any site-specific files to wp-includes, then vector [13] is not an exposure.
CVE-2006-4093 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2026-04-16 N/A
Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time."
CVE-2005-1300 1 Inserter.cgi 1 Inserter.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2006-0991 1 Veritas 1 Netbackup 2026-04-16 N/A
Buffer overflow in the NetBackup Sharepoint Services server daemon (bpspsserver) on NetBackup 6.0 for Windows allows remote attackers to execute arbitrary code via crafted "Request Service" packets to the vnetd service (TCP port 13724).
CVE-2005-1301 1 Nprotect 1 Netizen 2026-04-16 N/A
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
CVE-2006-0999 1 Novell 2 Netware, Open Enterprise Server 2026-04-16 N/A
The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and Novell Open Enterprise Server (OES) allows a client to force the server to use weak encryption by stating that a weak cipher is required for client compatibility, which might allow remote attackers to decrypt contents of an SSL protected session.
CVE-2005-1303 1 Citat.pl 1 Citat.pl 2026-04-16 N/A
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2006-4096 2 Isc, Redhat 2 Bind, Enterprise Linux 2026-04-16 N/A
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.