Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2006-2347 1 Oasyssoft 1 E-business Designer 2026-04-16 N/A
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.
CVE-2006-2732 1 Mini-nuke 1 Mini-nuke 2026-04-16 N/A
SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) yas_1, (2) yas_2, and (3) yas_3 parameters.
CVE-2005-1946 1 Invision Power Services 1 Invision Community Blog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action.
CVE-2005-1922 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
CVE-2006-2734 1 Mini-nuke 1 Mini-nuke 2026-04-16 N/A
enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote attackers to conduct password guessing attacks by setting the guvenlik parameter to the same value as the hidden gguvenlik parameter, which bypasses a verification step because the gguvenlik parameter is assumed to be immutable by the attacker.
CVE-2006-1975 1 Stadtaus.com 1 Php-gastebuch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in PHP-Gastebuch 1.61 allows remote attackers to inject arbitrary web script or HTML via the Kommentar field.
CVE-1999-0437 1 Ramp Networks 1 Webramp 2026-04-16 N/A
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
CVE-1999-0442 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Solaris ff.core allows local users to modify files.
CVE-1999-0452 2026-04-16 N/A
A service or application has a backdoor password that was placed there by the developer.
CVE-2006-0924 1 Brown Bear Software 1 Ical 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 allows remote attackers to inject arbitrary web script or HTML via the Calendar Text field when a new event is added. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0909 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers to view sensitive information via a direct request to multiple PHP scripts that include the full path in error messages, including (1) PEAR/Text/Diff/Renderer/inline.php, (2) PEAR/Text/Diff/Renderer/unified.php, (3) PEAR/Text/Diff3.php, (4) class_db.php, (5) class_db_mysql.php, and (6) class_xml.php in the ips_kernel/ directory; (7) mysql_admin_queries.php, (8) mysql_extra_queries.php, (9) mysql_queries.php, and (10) mysql_subsm_queries.php in the sources/sql directory; (11) sources/acp_loaders/acp_pages_components.php; (12) sources/action_admin/member.php and (13) sources/action_admin/paysubscriptions.php; (14) login.php, (15) messenger.php, (16) moderate.php, (17) paysubscriptions.php, (18) register.php, (19) search.php, (20) topics.php, (21) and usercp.php in the sources/action_public directory; (22) bbcode/class_bbcode.php, (23) bbcode/class_bbcode_legacy.php, (24) editor/class_editor_rte.php, (25) editor/class_editor_std.php, (26) post/class_post.php, (27) post/class_post_edit.php, (28) post/class_post_new.php, (29) and post/class_post_reply.php in the sources/classes directory; (30) sources/components_acp/registration_DEPR.php; (31) sources/handlers/han_paysubscriptions.php; (32) func_usercp.php; (33) search_mysql_ftext.php, and (34) search_mysql_man.php in the sources/lib/ directory; and (35) convert/auth.php.bak, (36) external/auth.php, and (37) ldap/auth.php in the sources/loginauth directory.
CVE-2006-2592 1 Dschat 1 Dschat 2026-04-16 N/A
Unspecified vulnerability in DSChat 1.0 allows remote attackers to execute arbitrary PHP code via the Nickname field, which is not sanitized before creating a file in a user directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-3486 1 Scorched 3d 1 Scorched 3d 2026-04-16 N/A
Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.
CVE-2001-0452 1 Brs 1 Webweaver 2026-04-16 N/A
BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to obtain the real pathname of the server via a "CD *" command followed by an ls command.
CVE-2004-1895 1 Suse 1 Suse Linux 2026-04-16 N/A
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.
CVE-2003-0421 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote attackers to cause a denial of service (crash) via an MS-DOS device name (e.g. AUX) in a request to HTTP port 1220, a different vulnerability than CVE-2003-0502.
CVE-2006-2152 1 Phpbb Group 1 Phpbb Advanced Guestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
CVE-2006-1965 1 Aasi Media 1 Net Clubs Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi.
CVE-2006-2240 1 Fujitsu 4 Netshelter Fw, Netshelter Fw-l, Netshelter Fw-m and 1 more 2026-04-16 N/A
Unspecified vulnerability in the (1) web cache or (2) web proxy in Fujitsu NetShelter/FW allows remote attackers to cause a denial of service (device unresponsiveness) via certain DNS packets, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-4974 1 Ipswitch 1 Ws Ftp Server 2026-04-16 N/A
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.