Export limit exceeded: 348303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0533 | 1 Trend Micro | 15 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 12 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure. | ||||
| CVE-2006-0809 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | ||||
| CVE-2006-0810 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. | ||||
| CVE-2006-1827 | 1 Digium | 1 Asterisk | 2026-04-16 | N/A |
| Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but triggers a buffer overflow when it is used as an unsigned length. | ||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | ||||
| CVE-2002-0583 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric characters) for temporary expense claim reports in the /reports/temp directory, which allows remote attackers to read the reports via a brute force attack. | ||||
| CVE-2002-0582 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 stores temporary expense claim reports in a world-readable and indexable /reports/temp directory, which allows remote attackers to read the reports by accessing the directory. | ||||
| CVE-2006-0812 | 1 Visnetic | 1 Visnetic Antivirus Plug-in For Mail Server | 2026-04-16 | N/A |
| The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. | ||||
| CVE-2002-0581 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQL commands and read, modify, or steal credentials from the database via the Qry parameter in the sprc.asp script. | ||||
| CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2026-04-16 | N/A |
| Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
| CVE-2006-0814 | 1 Lighttpd | 1 Lighttpd | 2026-04-16 | N/A |
| response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. | ||||
| CVE-2006-0815 | 1 Networkactiv | 1 Networkactiv Web Server | 2026-04-16 | N/A |
| NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. | ||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | ||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2026-04-16 | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | ||||
| CVE-2006-1563 | 1 Vscripts | 1 Vbook | 2026-04-16 | N/A |
| Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts. | ||||
| CVE-2006-0862 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. | ||||
| CVE-2006-1564 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory. | ||||
| CVE-2006-0863 | 1 Infovista | 1 Portalse | 2026-04-16 | N/A |
| InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. | ||||
| CVE-2006-1565 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory. | ||||
| CVE-2002-0580 | 1 Workforceroi | 1 Xpede | 2026-04-16 | N/A |
| WorkforceROI Xpede 4.1 allows remote attackers to obtain the database username via a request to datasource.asp, which leaks the username in a form and allows the attacker to more easily conduct brute force password guessing attacks. | ||||