Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-0316 1 Webwasher 1 Webwasher Classic 2026-04-16 N/A
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
CVE-2005-0968 1 Broadcom 1 Etrust Intrusion Detection 2026-04-16 N/A
Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
CVE-2005-1818 1 Newlife Blogger 1 Newlife Blogger 2026-04-16 N/A
Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 allow remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-1999-0350 1 Rational Software 1 Clearcase 2026-04-16 N/A
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
CVE-2005-1823 1 Qualiteam 1 X-cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id parameter to error_message.php, (6) section parameter to help.php, (7) mode parameter to orders.php, (8) mode parameter to register.php, (9) mode parameter to search.php, or the (10) gcid or (11) gcindex parameter to giftcert.php.
CVE-1999-0353 1 Hp 1 Hp-ux 2026-04-16 N/A
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
CVE-2002-0171 1 Sgi 1 Irisconsole 2026-04-16 N/A
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
CVE-1999-0356 2026-04-16 N/A
ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book.
CVE-2006-2908 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
The domecode function in inc/functions_post.php in MyBulletinBoard (MyBB) 1.1.2, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the username field, which is used in a preg_replace function call with a /e (executable) modifier.
CVE-2006-2912 1 Out Of The Trees Web Design 1 Selectapix 2026-04-16 N/A
Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote attackers to execute arbitrary SQL commands via the (1) albumID parameter to (a) view_album.php or (b) index.php, (2) imageID parameter to (c) popup.php, or (3) username and (4) password parameters to (d) admin/member.php.
CVE-2006-2960 1 Joomla 1 Joomla 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
CVE-2005-1839 1 Liberum 1 Liberum Help Desk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp.
CVE-2006-2970 1 L0j1k 1 Tinymuw 2026-04-16 N/A
videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain sensitive information via a certain id parameter, probably with an invalid value, which reveals the path in an error message.
CVE-2005-1840 1 Phpcms 1 Phpcms 2026-04-16 N/A
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.
CVE-2006-2985 1 Integramod 1 Integramod 2026-04-16 N/A
SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "'" characters in the STYLE_URL parameter.
CVE-2005-3176 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
CVE-2005-1859 1 Sgi 1 Propack 2026-04-16 N/A
Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
CVE-2001-1519 1 Microsoft 1 Windows 2000 2026-04-16 N/A
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to exploit it
CVE-2005-1864 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-1999-0358 1 Digital 1 Unix 2026-04-16 N/A
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.