Export limit exceeded: 361598 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361598 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2409 | 1 Nbsmtp | 1 Nbsmtp | 2026-04-16 | N/A |
| Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call. | ||||
| CVE-2006-2801 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) u_a or (2) u_s parameters. | ||||
| CVE-2006-2803 | 1 Deltascripts | 1 Php Manualmaker | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) id parameter to index.php, (2) search field (possibly the s parameter), or (3) comment field. | ||||
| CVE-2006-3161 | 1 Saphp | 1 Saphplesson | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. | ||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | ||||
| CVE-2005-1601 | 1 Mro Software | 1 Maximo Self Service | 2026-04-16 | N/A |
| MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties. | ||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2026-04-16 | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | ||||
| CVE-2006-3166 | 1 Free Realty | 1 Free Realty | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter. | ||||
| CVE-2005-2411 | 1 Tdiary | 1 Tdiary | 2026-04-16 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user. | ||||
| CVE-2006-2822 | 1 Xfairguy | 1 Codeavalanche Freeforum | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2006-2823 | 1 A.shopkart | 1 A.shopkart | 2026-04-16 | N/A |
| Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb. | ||||
| CVE-2006-2834 | 1 Gnopaste | 1 Gnopaste | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/common.php in gnopaste 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2006-3167 | 1 Free Realty | 1 Free Realty | 2026-04-16 | N/A |
| Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message. | ||||
| CVE-2005-2414 | 1 Xpcom | 1 Xpcom | 2026-04-16 | N/A |
| Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted. | ||||
| CVE-2005-1639 | 1 Atinegar | 1 Sigma Isp Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields. | ||||
| CVE-2006-2847 | 1 Full Revolution | 1 Aspweblinks | 2026-04-16 | N/A |
| SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter. | ||||
| CVE-2006-2849 | 1 Andrew Godwin | 1 Bytehoard | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/webdav/server.php in Bytehoard 2.1 Epsilon/Delta allows remote attackers to execute arbitrary PHP code via a URL in the bhconfig[bhfilepath] parameter. | ||||
| CVE-2006-2850 | 1 Php Labware | 1 Labwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP Labware LabWiki 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the help parameter. | ||||
| CVE-2006-2851 | 1 Dotproject | 1 Dotproject | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in dotProject 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, which are not properly handled when the client is using Internet Explorer. | ||||
| CVE-2005-2415 | 1 Astalavista It Engineering | 1 Contrexx | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module. | ||||