Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363327 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0450 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database. | ||||
| CVE-2005-4208 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module. | ||||
| CVE-2005-4249 | 1 Adp | 1 Adp Forum | 2026-04-16 | N/A |
| ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory. | ||||
| CVE-2005-4258 | 1 Cisco | 71 Catalyst, Catalyst 1200 Series, Catalyst 1900 Series and 68 more | 2026-04-16 | N/A |
| Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | ||||
| CVE-2005-4292 | 1 Internet Express Products | 1 Commercesql | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature. | ||||
| CVE-2005-4318 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | ||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | ||||
| CVE-2005-4346 | 1 Anthony Boyd | 1 Phpbb Blog | 2026-04-16 | N/A |
| Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error. | ||||
| CVE-2001-0610 | 2 Kde, Suse | 2 Kde, Suse Linux | 2026-04-16 | N/A |
| kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp. | ||||
| CVE-2006-0492 | 1 Vincent Hor | 1 Calendarix | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Calendarix allow remote attackers to execute arbitrary SQL commands via (1) the catview parameter in cal_functions.inc.php and (2) the login parameter in cal_login.php. NOTE: the catview vector might overlap CVE-2005-1865. | ||||
| CVE-2006-0494 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 allows local users with MyBB administrative privileges to include and possibly execute arbitrary local files via directory traversal sequences and a nul (%00) character in the plugin parameter. | ||||
| CVE-2006-0521 | 1 Browsercrm | 1 Browsercrm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag. | ||||
| CVE-2005-0887 | 1 Michael Dean | 1 Double Choco Latte | 2026-04-16 | N/A |
| Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement. | ||||
| CVE-2000-0423 | 1 Netwin | 1 Dnews | 2026-04-16 | N/A |
| Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag. | ||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | ||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2026-04-16 | N/A |
| NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product. | ||||
| CVE-2005-3357 | 2 Apache, Redhat | 2 Http Server, Enterprise Linux | 2026-04-16 | N/A |
| mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. | ||||
| CVE-2005-4407 | 1 Tmc Visionpool | 1 Mercury Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. | ||||
| CVE-2005-3538 | 1 Ifax Solutions | 1 Hylafax | 2026-04-16 | N/A |
| hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | ||||
| CVE-2005-3539 | 1 Hylafax | 1 Hylafax | 2026-04-16 | N/A |
| Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3. | ||||