Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1554 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.
CVE-2005-1555 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
CVE-2006-2264 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro 1.00 allow remote attackers to execute arbitrary SQL commands via the (1) date parameter to admin/main.asp, (2) SearchFor parameter to admin/view.asp, or (3) ID parameter to admin/edit.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-1560 1 Neteyes 1 Nexusway 2026-04-16 N/A
The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.
CVE-2005-1561 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
CVE-2005-1563 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.
CVE-2005-1564 1 Mozilla 1 Bugzilla 2026-04-16 N/A
post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.
CVE-2005-1568 1 Directtopics 1 Directtopics 2026-04-16 N/A
topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.
CVE-2005-1569 1 Directtopics 1 Directtopics 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.
CVE-2005-1570 1 Battleaxe Software 1 Bttlxeforum 2026-04-16 N/A
forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability.
CVE-2005-1571 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
CVE-2005-1572 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.
CVE-2005-1573 1 Darrel Oneil 1 Asp Virtual News Manager 2026-04-16 N/A
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2006-2265 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-04-16 N/A
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-1576 1 Mozilla 1 Firefox 2026-04-16 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
CVE-2006-2271 2 Lksctp, Redhat 2 Lksctp, Enterprise Linux 2026-04-16 N/A
The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state.
CVE-2005-1584 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
CVE-2006-2272 2 Lksctp, Redhat 2 Stream Control Transmission Protocol, Enterprise Linux 2026-04-16 N/A
Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks.
CVE-2005-1595 1 Codethat 1 Shoppingcart 2026-04-16 N/A
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2005-1598 1 Invision Power Services 2 Invision Board, Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.