Export limit exceeded: 361116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361116 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | ||||
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2026-04-16 | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | ||||
| CVE-2005-1568 | 1 Directtopics | 1 Directtopics | 2026-04-16 | N/A |
| topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message. | ||||
| CVE-2005-1569 | 1 Directtopics | 1 Directtopics | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag. | ||||
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2026-04-16 | N/A |
| forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | ||||
| CVE-2005-1571 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. | ||||
| CVE-2005-1572 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2026-04-16 | N/A |
| ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083. | ||||
| CVE-2005-1573 | 1 Darrel Oneil | 1 Asp Virtual News Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2006-2265 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | ||||
| CVE-2006-2271 | 2 Lksctp, Redhat | 2 Lksctp, Enterprise Linux | 2026-04-16 | N/A |
| The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via an unexpected chunk when the session is in CLOSED state. | ||||
| CVE-2005-1584 | 1 Open Solution | 1 Quick.forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. | ||||
| CVE-2006-2272 | 2 Lksctp, Redhat | 2 Stream Control Transmission Protocol, Enterprise Linux | 2026-04-16 | N/A |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (kernel panic) via incoming IP fragmented (1) COOKIE_ECHO and (2) HEARTBEAT SCTP control chunks. | ||||
| CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2026-04-16 | N/A |
| CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2026-04-16 | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | ||||
| CVE-2006-2275 | 3 Canonical, Lksctp, Redhat | 3 Ubuntu Linux, Stream Control Transmission Protocol, Enterprise Linux | 2026-04-16 | 7.5 High |
| Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." | ||||
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | ||||
| CVE-2005-1611 | 1 Web Crossing Inc | 1 Web Crossing | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script. | ||||
| CVE-2005-1613 | 1 Openbb | 1 Openbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action. | ||||
| CVE-2006-2286 | 1 Dokeos | 2 Dokeos, Dokeos Community Release | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in claro_init_global.inc.php in Dokeos 1.6.3 and earlier, and Dokeos community release 2.0.3, allow remote attackers to execute arbitrary PHP code via a URL in the (1) rootSys and (2) clarolineRepositorySys parameters, and possibly the (3) lang_path, (4) extAuthSource, (5) thisAuthSource, (6) main_configuration_file_path, (7) phpDigIncCn, and (8) drs parameters to (a) testheaderpage.php and (b) resourcelinker.inc.php. | ||||