Export limit exceeded: 20006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361494 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2791 | 1 Net Art Media | 1 Iboutique.mall | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in iBoutique.MALL and possibly iBoutique allows remote attackers to read arbitrary files via ".." sequences in the function parameter. | ||||
| CVE-2005-4152 | 1 Soti | 1 Pocket Controller-professional | 2026-04-16 | N/A |
| Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492. | ||||
| CVE-2006-2795 | 1 Xiti | 1 Xiti Tracking Script | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking Script 6 and 7 RC allow remote attackers to inject arbitrary web script or HTML via (1) the xtref parameter in xiti.js and (2) an HTTP Referer header field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4162 | 1 Acme Labs | 1 Perlcal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter. | ||||
| CVE-2006-2797 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php. | ||||
| CVE-2004-1556 | 1 Mywebserver | 1 Mywebserver | 2026-04-16 | N/A |
| MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. | ||||
| CVE-2005-4169 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. | ||||
| CVE-2006-2798 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) LoName parameter in (a) week.php and (b) month.php and (2) AddressLink parameter in (c) event.php. | ||||
| CVE-2005-4178 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2026-04-16 | N/A |
| Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. | ||||
| CVE-2006-2800 | 1 Unak | 1 Unak Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u_a or (2) u_s parameters. NOTE: this might be resultant from SQL injection. | ||||
| CVE-2005-4197 | 1 Nortel | 1 Ssl Vpn | 2026-04-16 | N/A |
| tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | ||||
| CVE-2006-2804 | 1 Goss | 1 Icm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | ||||
| CVE-2006-2805 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. | ||||
| CVE-2005-4212 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. | ||||
| CVE-2005-4213 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. | ||||
| CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | ||||
| CVE-2006-2806 | 1 Apache | 1 James | 2026-04-16 | N/A |
| The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | ||||
| CVE-2005-4221 | 1 Arab Portal | 1 Arab Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string). | ||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | ||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2026-04-16 | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | ||||