Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-1681 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
CVE-2006-4829 1 Blojsom 1 Blojsom 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
CVE-2006-4835 1 Bluview 1 Blue Magic Board 2026-04-16 N/A
Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) db_mysql_error.php, (4) langlist.php, (5) sendmail.php, or (6) style.php, which reveals the path in various error messages.
CVE-1999-0016 6 Cisco, Gnu, Hp and 3 more 8 Ios, Inet, Hp-ux and 5 more 2026-04-16 N/A
Land IP denial of service.
CVE-2004-1614 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
CVE-2004-1612 1 Saleslogix Corporation 1 Saleslogix 2026-04-16 N/A
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
CVE-2004-1610 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2026-04-16 N/A
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
CVE-2004-1605 2 Best Software, Saleslogix Corporation 2 Saleslogix, Saleslogix 2026-04-16 N/A
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
CVE-2004-1604 1 Cpanel 1 Cpanel 2026-04-16 N/A
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
CVE-2004-1595 1 Shixxnote 1 Shixxnote 2026-04-16 N/A
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
CVE-2004-1594 1 E-zone Media Inc. 1 Fusetalk 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
CVE-2004-1487 2 Gnu, Redhat 2 Wget, Enterprise Linux 2026-04-16 N/A
wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences.
CVE-2005-2260 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user.
CVE-2006-1486 1 Fusionzone 1 Realestatezone 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters.
CVE-2006-3268 1 Novell 1 Groupwise 2026-04-16 N/A
Unspecified vulnerability in the Windows Client API in Novell GroupWise 5.x through 7 might allow users to obtain "random programmatic access" to other email within the same post office.
CVE-2000-0892 2 Caldera, U Win 2 Openlinux, U Win 2026-04-16 N/A
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
CVE-2005-4202 1 Logisphere 1 Logisphere 2026-04-16 N/A
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in the source parameter to viewsource.jsp, or (5) "..\" (dot dot backslash) sequences in the NS-query-pat parameter to the search URL. URL.
CVE-2004-1175 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
CVE-2004-0490 1 Cpanel 1 Cpanel 2026-04-16 N/A
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
CVE-1999-0944 2026-04-16 N/A
IBM WebSphere ikeyman tool uses weak encryption to store a password for a key database that is used for SSL connections.