Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2001-1153 | 1 Caldera | 1 Openunix | 2026-04-16 | N/A |
| lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument. | ||||
| CVE-2006-3886 | 1 Musicbox | 1 Musicbox | 2026-04-16 | N/A |
| SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360. | ||||
| CVE-2001-1157 | 1 Baltimore Technologies | 1 Websweeper | 2026-04-16 | N/A |
| Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly filter Javascript from HTML pages, which could allow remote attackers to bypass the filtering via (1) an extra leading < and one or more characters before the SCRIPT tag, or (2) tags using Unicode. | ||||
| CVE-2006-3905 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. | ||||
| CVE-2001-1195 | 1 Novell | 1 Groupwise | 2026-04-16 | N/A |
| Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. | ||||
| CVE-2003-1161 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, was modified to contain a backdoor, which could allow local users to elevate their privileges by passing __WCLONE|__WALL to the sys_wait4 function. | ||||
| CVE-2006-1669 | 1 Phpheaven | 1 Phpmychat | 2026-04-16 | N/A |
| SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team PHPMyChat 0.14.5 and earlier allows remote attackers to execute arbitrary SQL commands via the T parameter. NOTE: this issue can be leveraged to execute arbitrary shell commands since the username is later processed in an eval() call, but since the username originated from the SQL injection, it could be a resultant issue. | ||||
| CVE-2001-1210 | 1 Cisco | 3 Ubr920, Ubr924, Ubr925 | 2026-04-16 | N/A |
| Cisco ubr900 series routers that conform to the Data-over-Cable Service Interface Specifications (DOCSIS) standard must ship without SNMP access restrictions, which can allow remote attackers to read and write information to the MIB using arbitrary community strings. | ||||
| CVE-2000-0702 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. | ||||
| CVE-2000-0703 | 1 Larry Wall | 1 Perl | 2026-04-16 | N/A |
| suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. | ||||
| CVE-2000-0752 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflows in brouted in FreeBSD and possibly other OSes allows local users to gain root privileges via long command line arguments. | ||||
| CVE-2006-4632 | 1 Softbb | 1 Softbb | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) groupe parameter in addmembre.php and the (2) select parameter in moveto.php. | ||||
| CVE-2001-1240 | 1 Engardelinux | 1 Secure Linux | 2026-04-16 | N/A |
| The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access. | ||||
| CVE-2006-4670 | 1 Gtasoft | 1 Photokorn Gallery | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PhotoKorn Gallery 1.52 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) includes/cart.inc.php or (2) extras/ext_cats.php. | ||||
| CVE-2000-0812 | 1 Sun | 1 Java System Web Server | 2026-04-16 | N/A |
| The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag. | ||||
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | ||||
| CVE-2006-1758 | 1 Bill Shupp | 1 Vegadns | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2000-1085 | 1 Microsoft | 2 Data Engine, Sql Server | 2026-04-16 | N/A |
| The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability. | ||||
| CVE-1999-0268 | 1 Metainfo | 1 Metaweb | 2026-04-16 | N/A |
| MetaInfo MetaWeb web server allows users to upload, execute, and read scripts. | ||||
| CVE-2000-0021 | 1 Lotus | 1 Domino Server | 2026-04-16 | N/A |
| Lotus Domino HTTP server allows remote attackers to determine the real path of the server via a request to a non-existent script in /cgi-bin. | ||||