Export limit exceeded: 26432 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26432 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3164 2 Apache, Hitachi 2 Tomcat, Cosminexus Application Server 2026-04-16 N/A
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVE-2005-3183 2 Redhat, W3c 2 Enterprise Linux, Libwww 2026-04-16 N/A
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
CVE-2005-3330 1 Snoopy 1 Snoopy 2026-04-16 N/A
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
CVE-2005-3946 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class.
CVE-2005-4214 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
CVE-2005-4320 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the application via a direct request to (1) doc.inc.php, (2) element.inc.php, and (3) node.inc.php, which leaks the path in an error message.
CVE-2005-4368 1 Roundcube 1 Webmail 2026-04-16 N/A
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
CVE-2006-0707 1 Pyblosxom 1 Pyblosxom 2026-04-16 N/A
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
CVE-2006-0861 1 Michael Salzer 1 Guestbox 2026-04-16 N/A
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog.
CVE-2006-0884 2 Mozilla, Redhat 2 Thunderbird, Enterprise Linux 2026-04-16 N/A
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
CVE-2006-0914 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly handle certain characters in the mostfreqthreshold parameter in duplicates.cgi, which allows remote attackers to trigger a SQL error.
CVE-2006-1192 2 Canon, Microsoft 3 Network Camera Server Vb101, Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to conduct phishing attacks by spoofing the address bar and other parts of the trust UI via unknown methods that allow "window content to persist" after the user has navigated to another site, aka the "Address Bar Spoofing Vulnerability." NOTE: this is a different vulnerability than CVE-2006-1626.
CVE-2006-1367 1 Motorola 2 Pebl U6, V600 2026-04-16 N/A
The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the Motorola E398 and other Motorola P2K-based phones does not require pairing for a connection related to the Headset Audio Gateway service, which allows user-assisted remote attackers to obtain AT level access and view phonebook entries and saved SMS messages by connecting on Bluetooth channel 3 and tricking the user into pressing Grant, aka a "Blueline" attack. NOTE: while user-assisted, the attack is made more feasible because of a GUI misrepresentation issue that allows a default message to be replaced by an attacker-specified one.
CVE-2006-1439 1 Apple 1 Mac Os X 2026-04-16 N/A
NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not re-enable secure event input under certain circumstances, which could allow other applications in the window session to monitor input characters and keyboard events.
CVE-2002-1663 1 Monkey-project 1 Monkey 2026-04-16 N/A
The Post_Method function in method.c for Monkey HTTP Daemon before 0.5.1 allows remote attackers to cause a denial of service (crash) via a POST request with an invalid or missing Content-Length header value.
CVE-2006-2111 1 Microsoft 1 Outlook Express 2026-04-16 N/A
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
CVE-2006-2223 2 Quagga, Redhat 2 Quagga, Enterprise Linux 2026-04-16 N/A
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
CVE-2006-2535 1 Greg Donald 1 Destiney Links Script 2026-04-16 N/A
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message. NOTE: this issue might be resultant from a more serious issue such as directory traversal.
CVE-2006-2613 2 Mozilla, Netscape 3 Firefox, Mozilla Suite, Navigator 2026-04-16 N/A
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allows remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
CVE-2006-2782 2 Mozilla, Redhat 3 Firefox, Seamonkey, Enterprise Linux 2026-04-16 N/A
Firefox 1.5.0.2 does not fix all test cases associated with CVE-2006-1729, which allows remote attackers to read arbitrary files by inserting the target filename into a text box, then turning that box into a file upload control.