Export limit exceeded: 346082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 18773 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346082 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2838 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2005-2839 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. | ||||
| CVE-2005-2840 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6) News, (7) Comments, (8) Settings, (9) Stats or (10) subjects modules. | ||||
| CVE-2005-2865 | 1 Amember | 1 Amember | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | ||||
| CVE-2005-2866 | 1 Mercora | 1 Imradio | 2026-04-16 | N/A |
| Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in the MercoraClient\Profiles registry key, which allows local users to gain privileges. | ||||
| CVE-2006-1222 | 1 Zeroboard | 1 Zeroboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields. | ||||
| CVE-2005-2867 | 1 Bluewhalecrm | 1 Bluewhalecrm | 2026-04-16 | N/A |
| SQL injection vulnerability in BlueWhaleCRM allows remote attackers to execute arbitrary SQL commands via the Account ID field. | ||||
| CVE-2006-1225 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. | ||||
| CVE-2006-1226 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-2874 | 2 Easy Software Products, Redhat | 2 Cups, Enterprise Linux | 2026-04-16 | N/A |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | ||||
| CVE-2005-2875 | 1 Py2play | 1 Py2play | 2026-04-16 | N/A |
| Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes. | ||||
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | ||||
| CVE-2006-2333 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php. | ||||
| CVE-2005-2893 | 1 Pblang | 1 Pblang | 2026-04-16 | N/A |
| Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | ||||
| CVE-2006-2339 | 1 Evo-dev | 2 Evotopsites, Evotopsites Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. | ||||
| CVE-2005-2901 | 1 Cj Desing | 1 Cjweb2mail | 2026-04-16 | N/A |
| Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php. | ||||
| CVE-2006-2340 | 1 Lethal Penguin | 2 Passmasterflex, Passmasterflexplus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | ||||
| CVE-2005-2927 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command. | ||||
| CVE-2006-1277 | 1 Upoint | 1 At1 File Store | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in signup.php in @1 File Store 2006.03.07 allows remote attackers to inject arbitrary web script or HTML via the (1) real_name, (2) email, and (3) login parameters. | ||||
| CVE-2006-1280 | 1 Sherzod Ruzmetov | 1 Cgi Session | 2026-04-16 | N/A |
| CGI::Session 4.03-1 does not set proper permissions on temporary files created in (1) Driver::File and (2) Driver::db_file, which allows local users to obtain privileged information, such as session keys, by viewing the files. | ||||