Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1050 1 Kwik-pay 1 Kwik-pay Payroll 2026-04-16 N/A
Kwik-Pay Payroll 4.2.20, and possibly other versions, stores the KwikPay.mdb database file with insecure permissions, which allows local users to obtain sensitive information such as employment and payment data. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: the vendor has disputed this vulnerability, stating that "The kwikpay.mdb file supplied with kwikpay is a template for the database structure of user databases created by kwikpay and to store a demonstration payroll. It does not contain any sensitive user information. When a user payroll database is opened, the encryption of the database is checked and if the database is not encrypted, the user is prompted to encrypt the database, but the choice is the customers.
CVE-2006-1589 1 Netbsd 1 Netbsd 2026-04-16 N/A
The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference.
CVE-2006-1747 1 Vwar 1 Virtual War 2026-04-16 N/A
PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and other unspecified scripts in the admin folder. NOTE: these are different attack vectors than CVE-2006-1636 and CVE-2006-1503.
CVE-2006-1059 1 Samba 1 Samba 2026-04-16 N/A
The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine trust account password in cleartext in log files, which allows local users to obtain the password and spoof the server in the domain.
CVE-2006-1590 2 Kevin Johnson, Roman Danyliw 2 Basic Analysis And Security Engine, Analysis Console For Intrusion Databases \(acid\) 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
CVE-2006-1063 1 Lurker 1 Lurker 2026-04-16 N/A
Unspecified vulnerability in Lurker 2.0 and earlier allows remote attackers to create or overwrite files in any writable directory that is named "mbox".
CVE-2006-1064 1 Lurker 1 Lurker 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-1999-1132 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
CVE-2006-1076 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-1999-1148 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
CVE-1999-1259 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
CVE-1999-1279 1 Microsoft 1 Sna Server 2026-04-16 N/A
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
CVE-1999-1363 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
CVE-1999-1452 1 Microsoft 1 Windows Nt 2026-04-16 N/A
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
CVE-2006-1077 1 Evo-dev 1 Evoblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
CVE-2006-1595 1 Claroline 1 Claroline 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
CVE-1999-1478 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
CVE-2000-1200 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
CVE-2001-0507 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
CVE-2001-0540 1 Microsoft 1 Terminal Server 2026-04-16 N/A
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.