Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1358 1 Text.cgi 1 Text.cgi 2026-04-16 N/A
text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2006-4590 1 Jetstat.com 1 Js Asp Faq Manager 2026-04-16 N/A
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector than CVE-2006-4463. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2001-1400 2 Linux, Redhat 2 Linux Kernel, Linux 2026-04-16 N/A
Unknown vulnerabilities in the UDP port allocation for Linux kernel before 2.2.19 could allow local users to cause a denial of service (deadlock).
CVE-2006-0727 1 Musox 1 Df Msanalysis 2026-04-16 N/A
SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA), as used in some environments that use CPG-Nuke Dragonfly CMS, allows remote attackers to trigger path disclosure from a SQL syntax error, and possibly execute arbitrary SQL commands, via certain query data, probably involving the profile name.
CVE-2006-4591 1 Alstrasoft 1 Template Seller 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in AlstraSoft Template Seller, and possibly AltraSoft Template Seller Pro 3.25, allow remote attackers to execute arbitrary PHP code via a URL in the config[template_path] parameter to (1) payment/payment_result.php or (2) /payment/spuser_result.php.
CVE-2006-4720 1 Mcgallery 1 Mcgallery Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
CVE-2005-1359 1 Text.cgi 1 Text.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2006-4594 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681.
CVE-2006-4723 1 Raidenhttpd 1 Raidenhttpd 2026-04-16 N/A
PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter.
CVE-2005-1360 1 Graycms 1 Graycms 2026-04-16 N/A
PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.
CVE-2006-0732 1 Sap 1 Business Connector 2026-04-16 N/A
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means.
CVE-2001-1429 1 Midnight Commander 1 Midnight Commander 2026-04-16 N/A
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
CVE-2006-4598 1 Sslinks 1 Sslinks 2026-04-16 N/A
Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) go parameter and (2) id parameter in a rate action.
CVE-2006-0735 2 Fuzzymonkey, M Blom 2 My Blog, Html-bbcode 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom HTML::BBCode 1.04 and earlier, as used in products such as My Blog before 1.65, allows remote attackers to inject arbitrary Javascript via a javascript URI in an (1) img or (2) url BBcode tag.
CVE-2006-4601 1 Annuaire 1 1two 2026-04-16 N/A
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4740 1 Jetbox 1 Jetbox Cms 2026-04-16 N/A
Jetbox CMS allows remote attackers to obtain sensitive information via a direct request for certain files, which reveal the path in an error message.
CVE-2005-1365 1 Pico Server 1 Pico Server 2026-04-16 N/A
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences.
CVE-2005-1366 1 Pico Server 1 Pico Server 2026-04-16 N/A
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL.
CVE-2006-0738 1 Estara 1 Softphone 2026-04-16 N/A
Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address).
CVE-2006-4605 1 Longino 1 Jacome Php-revista 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter.