Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-2144 1 Free Peers 1 Bearshare 2026-04-16 N/A
Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows remote attackers to read files outside of the web root by hex-encoding the "/" (forward slash) or "." (dot) characters.
CVE-2004-1557 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
CVE-2002-2145 1 Savant 1 Savant Webserver 2026-04-16 N/A
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
CVE-2004-1558 1 Ypops 1 Ypops 2026-04-16 N/A
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
CVE-2002-2146 1 Savant 1 Savant Webserver 2026-04-16 N/A
cgitest.exe in Savant Web Server 3.1 and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request.
CVE-2002-2189 2 Activxperts Software, Microsoft 2 Activwebserver, Windows 2003 Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ActiveXperts Software ActiveWebserver allows remote attackers to execute arbitrary web script via a link.
CVE-2005-4534 1 Mozilla 1 Bugzilla 2026-04-16 N/A
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-4545 1 Netdirect 1 Shopengine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-1559 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
CVE-2005-4546 1 Epic Designs 1 Eggblog 2026-04-16 N/A
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.
CVE-2004-1562 1 W-agora 1 W-agora 2026-04-16 N/A
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2005-2236 1 Ibm 1 Aix 2026-04-16 N/A
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.
CVE-2006-2463 1 Out Of The Trees Web Design 1 Selectapix 2026-04-16 N/A
view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter.
CVE-2005-2799 1 Linksys 1 Wrt54g 2026-04-16 N/A
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.
CVE-2005-2812 1 Man2web 1 Man2web 2026-04-16 N/A
man2web allows remote attackers to execute arbitrary commands via -P arguments.
CVE-2005-2850 1 Whitsoft Development 1 Slimftpd 2026-04-16 N/A
SlimFTPd 3.17 allows remote attackers to cause a denial of service (crash) via certain (1) USER and (2) PASS commands, possibly due to a buffer overflow or off-by-one error.
CVE-2005-3277 1 Hp 1 Hp-ux 2026-04-16 N/A
The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote attackers to execute arbitrary code via shell metacharacters ("`" or single backquote) in a request that is not properly handled when an error occurs, as demonstrated by killing the connection, a different vulnerability than CVE-2002-1473.
CVE-2004-1572 1 Aj-fork 1 Aj-fork 2026-04-16 N/A
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.
CVE-2006-2465 1 Mp3info 1 Mp3info 2026-04-16 N/A
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.
CVE-2006-2466 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."