Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0432 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
CVE-2006-0375 1 Advantage Century Telecommunication 1 P202s 2026-04-16 N/A
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.
CVE-2006-0372 1 Insane Visions 1 Blogphp 2026-04-16 N/A
Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie.
CVE-2006-0371 1 Noah Medling 1 Rcblog 2026-04-16 N/A
Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter.
CVE-2006-0370 1 Noah Medling 1 Rcblog 2026-04-16 N/A
Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes.
CVE-2006-3796 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.07 and earlier does not properly handle a username composed of a single space character, which allows remote authenticated users to login as the "space" user, post as the guest user, and block the ability of an administrator to ban the "space" user.
CVE-2006-3797 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote attackers to bypass authentication, spoof users, and modify settings via the (1) memberpw and (2) membercookie cookies.
CVE-2006-3799 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match the uppercase "UNION SELECT."
CVE-2006-3800 1 Amazing Flash Commerce 1 Afcommerce Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box.
CVE-2006-0368 1 Cisco 1 Call Manager 2026-04-16 N/A
Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727.
CVE-2006-0363 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
CVE-2001-0506 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
CVE-2006-3024 1 Evgenius 1 Evgenius Counter 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EvGenius Counter 3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) monthly.php and (2) daily.php.
CVE-2006-3023 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp in Uapplication Uphotogallery 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s and (2) block parameters.
CVE-2006-3021 1 Blue-collar Productions 1 I-gallery 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp.
CVE-2005-0089 2 Python, Redhat 2 Python, Enterprise Linux 2026-04-16 N/A
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
CVE-2004-2666 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
CVE-2003-1312 1 Netegrity 1 Siteminder 2026-04-16 N/A
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
CVE-2003-0728 1 Horde 1 Horde 2026-04-16 N/A
Horde before 2.2.4 allows remote malicious web sites to steal session IDs and read or create arbitrary email by stealing the ID from a referrer URL.
CVE-2003-0726 1 Realnetworks 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player 2026-04-16 N/A
RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.