Export limit exceeded: 351494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2544 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-1999-1402 | 2 Freebsd, Sun | 3 Freebsd, Solaris, Sunos | 2026-04-16 | N/A |
| The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket. | ||||
| CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. | ||||
| CVE-2006-2543 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2026-04-16 | N/A |
| Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php. | ||||
| CVE-2006-2542 | 1 Ti Kan | 1 Xmcd | 2026-04-16 | N/A |
| xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world writable permissions, which allows local users to cause a denial of service (disk consumption). | ||||
| CVE-2006-2541 | 1 John Andersson | 1 Zixforum | 2026-04-16 | N/A |
| SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. | ||||
| CVE-2006-2540 | 1 Dieselscripts | 1 Diesel Job Site | 2026-04-16 | N/A |
| Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers. | ||||
| CVE-2006-2539 | 1 Sybase | 1 Easerver | 2026-04-16 | N/A |
| Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | ||||
| CVE-2006-2538 | 2 Ie Tab, Mozilla | 2 Ie Tab, Firefox | 2026-04-16 | N/A |
| IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI. Some third-party researchers claim that they are unable to reproduce this vulnerability. | ||||
| CVE-1999-0481 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| Denial of service in "poll" in OpenBSD. | ||||
| CVE-2006-2537 | 3 Horizontal Shooter Bor, Openbor, Senile Team | 3 Horizontal Shooter Bor, Openbor, Beats Of Rage | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function. | ||||
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | ||||
| CVE-2006-2535 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal. | ||||
| CVE-1999-0480 | 1 Midnight Commander | 1 Midnight Commander | 2026-04-16 | N/A |
| Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. | ||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | ||||
| CVE-2000-0027 | 1 Ibm | 1 Network Station Manager | 2026-04-16 | N/A |
| IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. | ||||
| CVE-1999-1393 | 1 Apple | 1 Macos | 2026-04-16 | N/A |
| Control Panel "Password Security" option for Apple Powerbooks allows attackers with physical access to the machine to bypass the security by booting it with an emergency startup disk and using a disk editor to modify the on/off toggle or password in the aaaaaaaAPWD file, which is normally inaccessible. | ||||
| CVE-1999-0479 | 2 Hp, Netscape | 2 Hp-ux, Enterprise Server | 2026-04-16 | N/A |
| Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems. | ||||
| CVE-2006-2530 | 1 Snitz Communications | 2 Avatar Mod, Snitz Forums 2000 | 2026-04-16 | N/A |
| avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||