Filtered by NVD-CWE-Other
Total 29947 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2005-4225 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838.
CVE-2006-2098 1 Php Thumbnail Autoindex 1 Php Thumbnail Autoindex 2026-04-16 N/A
PHP remote file inclusion vulnerability in Thumbnail AutoIndex before 2.0 allows remote attackers to execute arbitrary PHP code via (1) README.html or (2) HEADER.html.
CVE-2005-4229 1 Everyauction 1 Everyauction 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and independently verified using source code inspection.
CVE-2005-4231 1 Php Web Scripts 1 Link Up Gold 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php.
CVE-2002-1737 1 Astaro 1 Security Linux 2026-04-16 N/A
Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files.
CVE-2005-4243 1 Quickpaypro 1 Quickpaypro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php.
CVE-2005-4254 1 Dreamlevels 1 Dream Poll 2026-04-16 N/A
SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1314 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
CVE-2004-1025 3 Enlightenment, Gentoo, Redhat 4 Imlib, Linux, Enterprise Linux and 1 more 2026-04-16 N/A
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVE-2006-1324 1 Woltlab 1 Burning Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.
CVE-2006-2107 1 Bl4 1 Smtp Server 2026-04-16 N/A
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3) RCPT TO commands.
CVE-2002-1755 1 Tinc 1 Tinc 2026-04-16 N/A
tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, which allows remote attackers to inject data into user sessions without detection, and possibly control the data contents via cut-and-paste attacks on CBC.
CVE-2004-2511 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
CVE-2002-1760 1 Phprojekt 1 Phprojekt 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 allow remote attackers to execute arbitrary SQL commands via the unknown attack vectors.
CVE-2002-1763 1 Sun 1 Sunos 2026-04-16 N/A
The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" and "Return" keys are pressed repeatedly and quickly, which allows local users to access the current session.
CVE-2004-0802 9 Conectiva, Enlightenment, Imagemagick and 6 more 16 Linux, Imlib, Imlib2 and 13 more 2026-04-16 N/A
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVE-2004-0805 2 Mandrakesoft, Mpg123 3 Mandrake Linux, Mandrake Linux Corporate Server, Mpg123 2026-04-16 N/A
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
CVE-2005-4261 1 Positive Software 1 Cp\+ 2026-04-16 N/A
Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure.
CVE-2005-4262 1 Envolution 1 Envolution 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263).
CVE-2002-1776 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed