Export limit exceeded: 363285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0094 1 Oaboard 1 Oaboard 2026-04-16 N/A
PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-0038 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
CVE-2005-4874 1 Mozilla 1 Mozilla 2026-04-16 N/A
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.
CVE-2003-1419 1 Netscape 1 Navigator 2026-04-16 N/A
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
CVE-2005-4865 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
CVE-2005-4159 1 Simple Machines 1 Simple Machines Forum 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in Memberlist.php in Simple Machines Forum (SMF) 1.1 rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. NOTE: the vendor says that since only one character can be modified, there is no SQL injection. Thus this might be an "invalid SQL syntax error." Multiple followups support the vendor
CVE-2005-4161 1 Milliscripts 1 Milliscripts 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote attackers to inject arbitrary web script or HTML via the domainname parameter to register.php, and other unspecified vectors. NOTE: the vendor has disputed this issue, stating "No invalid input can reach the script.
CVE-2006-2605 1 Dschat 1 Dschat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatbox, probably involving the ctext parameter to send.php.
CVE-2005-4194 1 Innovateware 1 Sights N Sounds Streaming Media Server 2026-04-16 N/A
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.
CVE-2006-2607 2 Paul Vixie, Redhat 2 Vixie Cron, Enterprise Linux 2026-04-16 N/A
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
CVE-2005-4199 1 Mybb 1 Mybb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php.
CVE-2005-4203 1 Logisphere 1 Logisphere 2026-04-16 N/A
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue.
CVE-2005-4209 1 Alt-n 2 Mdaemon, Worldclient 2026-04-16 N/A
WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents the user from being able to access the Inbox folder, possibly due to a cross-site scripting (XSS) vulnerability.
CVE-2005-4210 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title.
CVE-2005-4216 1 Macromedia 1 Flash Media Server 2026-04-16 N/A
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
CVE-2005-4225 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attackers to execute arbitrary SQL commands via (1) the category parameter in add.php, (2) the cat_desc parameter in addcat.php, (3) the level and user parameters in adduser.php, (4) the post_id parameter in del.php, (5) the cat_id parameter in delcat.php, (6) the comment_id parameter in delcomment.php, (7) the id parameter in deluser.php, (8) the post_id and category parameter in edit.php, (9) the cat_id and cat_desc parameters in editcat.php, and (10) the id, level, and user parameters in edituser.php. NOTE: the username/login.php vector is already identified by CVE-2005-2838.
CVE-2005-4233 1 Php Web Scripts 1 Ad Manager Pro 2026-04-16 N/A
SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter.
CVE-2005-4241 1 Vcd-db 1 Vcd-db 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.
CVE-2005-4260 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers to perform cross-site scripting (XSS) attacks by replacing the ">" in the tag with a "<", which bypasses the regular expressions that sanitize the data, but is automatically corrected by many web browsers. NOTE: it could be argued that this vulnerability is due to a design limitation of many web browsers; if so, then this should not be treated as a vulnerability in PHP-Nuke.
CVE-2006-2648 1 Aspbb 1 Aspbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.