Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3954 1 Blogbuddies 1 Blogbuddies 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php.
CVE-2005-3961 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter.
CVE-2005-3964 2 Integrated Computer Solutions, Redhat 3 Openmotif, Enterprise Linux, Network Satellite 2026-04-16 N/A
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
CVE-2003-0010 1 Microsoft 7 Windows 2000, Windows 2000 Terminal Services, Windows 98 and 4 more 2026-04-16 N/A
Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.
CVE-2004-0160 1 Synaesthesia 1 Synaesthesia 2026-04-16 N/A
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
CVE-2004-0162 3 Clearswift, F-secure, Paul L Daniels 3 Mailsweeper, Internet Gatekeeper, Ripmime 2026-04-16 N/A
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.
CVE-2004-0169 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
CVE-2004-0171 2 Freebsd, Openbsd 2 Freebsd, Openbsd 2026-04-16 N/A
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
CVE-2005-4659 1 Ipcop 1 Ipcop 2026-04-16 N/A
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
CVE-2006-0215 1 Qualityebiz 1 Quality Ppc 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant from CVE-2006-0216.
CVE-2006-0217 1 Ultimate Auction 1 Ultimate Auction 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message. NOTE: the affected version might be wrong since the current version as of 20060116 is 3.6.1.
CVE-2006-0219 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
CVE-2006-0221 1 Ddsn 1 Cm3cms 2026-04-16 N/A
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
CVE-2006-0222 1 Alstrasoft 1 Template Seller 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
CVE-2006-2877 1 Sangwan Kim 1 Bookmark4u 2026-04-16 N/A
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2878 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
CVE-2006-2883 1 Kke Info Media 1 Kmita Faq 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2006-2884 1 Kke Info Media 1 Kmita Faq 2026-04-16 N/A
SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2006-2890 1 Pixelpost 1 Pixelpost 2026-04-16 N/A
Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, allows remote attackers to gain administrator privileges and conduct other attacks by setting the _SESSION["pixelpost_admin"] parameter to 1 in calls to admin scripts such as admin/view_info.php.
CVE-2006-2891 1 Pixelpost 1 Pixelpost 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin/index.php for Pixelpost 1-5rc1-2 and earlier allows remote attackers to inject arbitrary HTML or web script via the loginmessage parameter.