Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0068 1 Primo Place 1 Primo Cart 2026-04-16 N/A
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php.
CVE-2004-2437 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
CVE-2006-3534 1 Nullsoft 1 Shoutcast Server 2026-04-16 N/A
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.6 filters directory traversal sequences before decoding, which allows remote attackers to read arbitrary files via encoded dot dot (%2E%2E) sequences in an HTTP GET request for a file path containing "/content".
CVE-2004-2439 1 Hp 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more 2026-04-16 N/A
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
CVE-2006-0071 1 Gentoo 2 App-crypt Pinentry, Linux 2026-04-16 N/A
The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.
CVE-2004-2440 1 Proxytunnel 1 Proxytunnel 2026-04-16 N/A
Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.
CVE-2004-2441 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."
CVE-2006-3541 1 Kyberna 1 Ky2help 2026-04-16 N/A
SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ky2help allows remote authenticated users to execute arbitrary SQL commands via unspecified "textboxes."
CVE-2006-0072 1 Sco 1 Openserver 2026-04-16 N/A
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
CVE-2006-0073 1 Discusware 2 Discus Freeware, Discus Professional 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware 3.10.5 and Professional 3.10.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a URL, which is not properly sanitized from the resulting error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-2442 1 F-secure 5 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 2 more 2026-04-16 N/A
Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.
CVE-2004-2443 1 Jaws 1 Jaws 2026-04-16 N/A
Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
CVE-2000-1054 1 Cisco 1 Secure Access Control Server 2026-04-16 N/A
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
CVE-2004-2445 1 Jaws 1 Jaws 2026-04-16 N/A
Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter.
CVE-2006-3542 1 Boxcar Media 1 Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown Shopping Cart 0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) shop name field in (a) editshop.php, (b) edititem.php, and (c) index.php; and via the (2) item field in editshop.php and edititem.php.
CVE-2006-0075 1 Gnu 1 Phpbook 2026-04-16 N/A
Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file.
CVE-2004-2446 1 1st Class Internet Solutions 1 1st Class Mail Server 2026-04-16 N/A
Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors.
CVE-2004-2447 1 1st Class Internet Solutions 1 1st Class Mail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz.
CVE-2006-0077 1 Richard Dawe 1 File Extattr 2026-04-16 N/A
Off-by-one error in the getfattr function in File::ExtAttr before 0.03 allows attackers to trigger a buffer overflow via unspecified attack vectors.
CVE-2004-2448 2 Cassiopeia, Itransact 2 S-mart Shopping Cart, Redicart 2026-04-16 N/A
S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.