Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1334 | 1 Maian Script World | 1 Maian Weblog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php. | ||||
| CVE-1999-0119 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | N/A |
| Windows NT 4.0 beta allows users to read and delete shares. | ||||
| CVE-2006-1437 | 1 Upoint | 1 At1 Event Publisher | 2026-04-16 | N/A |
| UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt. | ||||
| CVE-2005-1081 | 1 Azerbaijan Development Group | 1 Azdgdating | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-1505 | 1 Basic Analysis And Security Engine | 1 Base | 2026-04-16 | N/A |
| base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes". | ||||
| CVE-2005-1216 | 1 Microsoft | 1 Isa Server | 2026-04-16 | N/A |
| Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter. | ||||
| CVE-2005-1265 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash). | ||||
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | ||||
| CVE-2006-1509 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. | ||||
| CVE-2006-1524 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071. | ||||
| CVE-2006-1546 | 2 Apache, Redhat | 2 Struts, Rhel Application Server | 2026-04-16 | N/A |
| Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check. | ||||
| CVE-2006-1560 | 1 Skintech | 1 Phpnewsmanager | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information. | ||||
| CVE-2006-1583 | 1 Juliusz Julas Gonera | 1 Warcraft Iii Replay Parser Php | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests that the "page" parameter is not used in this product, and "id" might be the affected parameter. | ||||
| CVE-2006-1600 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2006-1627 | 1 Adobe | 1 Acrobat Reader | 2026-04-16 | N/A |
| Adobe Document Server for Reader Extensions 6.0 does not provide proper access control, which allows remote authenticated users to perform privileged actions by modifying the (1) actionID and (2) pageID parameters. NOTE: due to an error during reservation, this identifier was inadvertently associated with multiple issues. Other CVE identifiers have been assigned to handle other problems that are covered by the same disclosure. | ||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | ||||
| CVE-2006-1703 | 1 Hubert Plisson | 1 Sire | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter. | ||||
| CVE-2006-1704 | 1 Hubert Plisson | 1 Sire | 2026-04-16 | N/A |
| Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. | ||||
| CVE-2006-1716 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector is already covered by CVE-2006-1625, although it might stem from the same core issue. | ||||
| CVE-2006-1726 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-16 | N/A |
| Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. | ||||