Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4827 | 2 Canon, Microsoft | 3 Network Camera Server Vb101, Ie, Internet Explorer | 2026-04-16 | N/A |
| Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks. | ||||
| CVE-2003-1422 | 1 Gentoo | 1 Syslinux | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.01, when running setuid root, allow local users to gain privileges via unknown vectors. | ||||
| CVE-2005-1514 | 1 Dan Bernstein | 1 Qmail | 2026-04-16 | N/A |
| commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index. | ||||
| CVE-2003-1403 | 1 Dotbr | 1 Botbr | 2026-04-16 | N/A |
| foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. | ||||
| CVE-2003-1404 | 1 Dotbr | 1 Botbr | 2026-04-16 | N/A |
| DotBr 0.1 stores config.inc with insufficient access control under the web document root, which allows remote attackers to obtain sensitive information such as SQL usernames and passwords. | ||||
| CVE-2003-1405 | 1 Dotbr | 1 Botbr | 2026-04-16 | N/A |
| DotBr 0.1 allows remote attackers to execute arbitrary shell commands via the cmd parameter to (1) exec.php3 or (2) system.php3. | ||||
| CVE-2003-1406 | 1 Adalis Infomatique | 1 D Forum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3. | ||||
| CVE-2005-4863 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | ||||
| CVE-2005-4080 | 1 Horde | 1 Imp | 2026-04-16 | N/A |
| Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. | ||||
| CVE-2005-4063 | 1 Netauctionhelp | 1 Netauctionhelp | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. | ||||
| CVE-2005-4060 | 1 Rainworx | 1 Rwauction Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. | ||||
| CVE-2006-2560 | 1 Sitecom | 2 Wl-153, Wl-153 Router Firmware | 2026-04-16 | N/A |
| Sitecom WL-153 router firmware before 1.38 allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2005-4058 | 1 Saralblog | 1 Saralblog | 2026-04-16 | N/A |
| SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. | ||||
| CVE-2005-4047 | 1 Iisworks | 1 Aspknowledgebase | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. | ||||
| CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | ||||
| CVE-2006-2395 | 1 Popsoft Digital | 1 Popphoto | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in resources/includes/popp.config.loader.inc.php in PopSoft Digital PopPhoto Studio 3.5.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter (cfg['popphoto_base_path'] variable). NOTE: Pixaria has notified CVE that "PopPhoto is NOT a product of Pixaria. It was a product of PopSoft Digital and is only hosted by Pixaria as a courtesy... The vulnerability listed was patched by the previous vendor and all previous users have received this update." | ||||
| CVE-2006-2396 | 1 Phpodp | 1 Phpodp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter. | ||||
| CVE-2006-2404 | 1 Radscripts | 1 Radlance | 2026-04-16 | N/A |
| Directory traversal vulnerability in popup.php in RadScripts RadLance Gold 7.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | ||||
| CVE-2005-3733 | 1 Juniper | 8 Junos E, Junos J, Junos M and 5 more | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2005-3762 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. | ||||