Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4582 | 1 Scott Draves | 1 Electric Sheep | 2026-04-16 | N/A |
| Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. However, a client would reasonably expect to receive content only from the server. | ||||
| CVE-2005-4584 | 1 Bzflag | 1 Bzflag Server | 2026-04-16 | N/A |
| BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character. | ||||
| CVE-2006-2212 | 1 Karjasoft | 1 Sami Ftp Server | 2026-04-16 | N/A |
| Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. | ||||
| CVE-2006-2497 | 1 Aspbb | 1 Aspbb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. | ||||
| CVE-2006-2501 | 1 Sun | 4 Java System Application Server, Java System Web Server, One Application Server and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages. | ||||
| CVE-2006-4684 | 1 Zope | 1 Zope | 2026-04-16 | N/A |
| The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | ||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | ||||
| CVE-1999-0432 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| ftp on HP-UX 11.00 allows local users to gain privileges. | ||||
| CVE-1999-0444 | 1 Microsoft | 3 Windows 95, Windows 98, Windows Nt | 2026-04-16 | N/A |
| Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files. | ||||
| CVE-1999-0447 | 1 Hp | 1 Mpe Ix | 2026-04-16 | N/A |
| Local users can gain privileges using the debug utility in the MPE/iX operating system. | ||||
| CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | ||||
| CVE-1999-1370 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) the screen saver, which could leave the system open to users with physical access if a failure occurs during an unattended installation, and (2) the Task Scheduler Service, which might prevent the scheduled execution of security-critical programs. | ||||
| CVE-1999-1538 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in /scripts/iisadmin, which does not restrict access to the local machine and allows an unauthorized user to gain access to sensitive server information, including the Administrator's password. | ||||
| CVE-2000-0005 | 1 Hp | 3 9000, Aserver, Hp-ux | 2026-04-16 | N/A |
| HP-UX aserver program allows local users to gain privileges via a symlink attack. | ||||
| CVE-2004-0771 | 2 Redhat, Tsugio Okamoto | 2 Enterprise Linux, Lha | 2026-04-16 | N/A |
| Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries. | ||||
| CVE-2005-1752 | 1 Gforge | 1 Gforge | 2026-04-16 | N/A |
| viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | ||||
| CVE-2005-4588 | 1 Dream4 | 1 Koobi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3797 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | N/A |
| SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies. | ||||
| CVE-2006-3799 | 1 Deluxebb | 1 Deluxebb | 2026-04-16 | N/A |
| DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT." | ||||
| CVE-2006-3800 | 1 Amazing Flash Commerce | 1 Afcommerce Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box. | ||||