Export limit exceeded: 13802 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2372 1 Oracle 1 Forms 2026-04-16 N/A
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
CVE-2006-1945 1 Awstats 1 Awstats 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732.
CVE-2006-1934 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Instruments file code, or (3) NetXray/Windows Sniffer file code.
CVE-2005-2336 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803.
CVE-2005-2328 1 Laffer 1 Laffer 2026-04-16 N/A
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable.
CVE-2005-2323 2 Class-1, Clever Copy 2 Class-1 Forum, Clever Copy 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and 0.23.2, and Clever Copy with forums installed, allow remote attackers to modify SQL statements via the (1) id parameter to viewattach.php, (2) viewuser_id parameter to users.php, or the (3) id or (4) forum parameter to viewforum.php.
CVE-2006-1922 1 Sweetphp 1 Totalcalendar 2026-04-16 N/A
PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter.
CVE-2006-1914 1 Dbbs 1 Dbbs 2026-04-16 N/A
DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php. NOTE: this information leak might be resultant from a global variable overwrite issue.
CVE-2005-2299 1 Man And Machine Ltd. 1 Simple Message Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm.
CVE-2006-1913 1 Jax Scripts 1 Jax Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2288 1 Phpcounter 1 Phpcounter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
CVE-2006-1908 1 Mywebland 1 Myevent 2026-04-16 N/A
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-2285 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
CVE-2005-2759 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue.
CVE-2005-2280 1 Cisco 1 Security Agent 2026-04-16 N/A
Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a denial of service (system crash) via a crafted IP packet.
CVE-2005-2270 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
CVE-2005-2244 1 Cisco 1 Call Manager 2026-04-16 N/A
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
CVE-2005-2744 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.
CVE-2005-2214 1 Debian 1 Apt-setup 2026-04-16 N/A
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2006-1899 1 Dev 1 Neuron Blog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) website parameters.