Export limit exceeded: 349971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349971 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1417 | 1 Inso | 1 Answerbook2 | 2026-04-16 | N/A |
| Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via encoded % characters in an HTTP request, which is improperly logged. | ||||
| CVE-2006-2787 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2026-04-16 | N/A |
| EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox. | ||||
| CVE-1999-0600 | 2026-04-16 | N/A | ||
| A network intrusion detection system (IDS) does not verify the checksum on a packet. | ||||
| CVE-1999-0601 | 2026-04-16 | N/A | ||
| A network intrusion detection system (IDS) does not properly handle data within TCP handshake packets. | ||||
| CVE-2006-2789 | 1 Gnome | 1 Evolution | 2026-04-16 | N/A |
| Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-internet-address.c when a null pointer is used. | ||||
| CVE-1999-0607 | 1 I-soft | 1 Quikstore | 2026-04-16 | N/A |
| quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under the web document root with insufficient access control, which allows remote attackers to obtain the cleartext administrator password and gain privileges. | ||||
| CVE-1999-1418 | 1 Mirabilis | 1 Icq Web Front | 2026-04-16 | N/A |
| ICQ99 ICQ web server build 1701 with "Active Homepage" enabled generates allows remote attackers to determine the existence of files on the server by comparing server responses when a file exists ("404 Forbidden") versus when a file does not exist ("404 not found"). | ||||
| CVE-1999-0618 | 2026-04-16 | N/A | ||
| The rexec service is running. | ||||
| CVE-2006-2792 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | ||||
| CVE-2006-2793 | 1 Aspsitem | 1 Aspsitem | 2026-04-16 | N/A |
| SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | ||||
| CVE-2006-2794 | 1 Aspsitem | 1 Aspsitem | 2026-04-16 | N/A |
| Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter. | ||||
| CVE-1999-0627 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. | ||||
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2796 | 1 New-place | 1 Captivate | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in gallery.php in Captivate 1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter, which is reflected in an error message. | ||||
| CVE-1999-0628 | 4 Freebsd, Ibm, Linux and 1 more | 4 Freebsd, Aix, Linux Kernel and 1 more | 2026-04-16 | N/A |
| The rwho/rwhod service is running, which exposes machine status and user information. | ||||
| CVE-1999-0638 | 2026-04-16 | N/A | ||
| The daytime service is running. | ||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | ||||
| CVE-1999-0650 | 2026-04-16 | N/A | ||
| The netstat service is running, which provides sensitive information to remote attackers. | ||||
| CVE-1999-0653 | 2026-04-16 | N/A | ||
| A component service related to NIS+ is running. | ||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | ||||