Export limit exceeded: 348106 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2457 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. | ||||
| CVE-2006-1000 | 1 G2soft | 1 Pentacle In-out Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp. | ||||
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2026-04-16 | N/A |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | ||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2006-1012 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | ||||
| CVE-2006-1019 | 1 Ukiweb | 1 Ukiboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, some of which reference a source URL that appears to be for an unrelated issue. | ||||
| CVE-2006-1037 | 1 Oracle | 2 Diagnostics, E-business Suite | 2026-04-16 | N/A |
| SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2005-2571 | 1 Funkboard | 1 Funkboard | 2026-04-16 | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php. | ||||
| CVE-2005-2589 | 1 Linksys | 1 Wrt54gs | 2026-04-16 | N/A |
| Unknown vulnerability in Linksys WRT54GS wireless router with firmware 4.50.6, with WPA Personal/TKIP authentication enabled, allows remote clients to bypass authentication by connecting without using encryption. | ||||
| CVE-2005-2620 | 1 Novell | 1 Groupwise | 2026-04-16 | N/A |
| grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | ||||
| CVE-2005-2621 | 1 Ecw-shop | 1 Ecw-shop | 2026-04-16 | N/A |
| index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. | ||||
| CVE-2005-2630 | 1 Realnetworks | 2 Realone Player, Realplayer | 2026-04-16 | N/A |
| Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094. | ||||
| CVE-2005-3424 | 1 Gnu | 1 Gnump3d | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | ||||
| CVE-2005-2650 | 1 Emefa | 1 Emefa Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. | ||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2026-04-16 | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | ||||
| CVE-2005-2656 | 1 Polygen | 1 Polygen | 2026-04-16 | N/A |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | ||||
| CVE-2005-2658 | 1 Softwolves Software | 1 Turquoise Superstat | 2026-04-16 | N/A |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. | ||||
| CVE-2006-1085 | 1 Php-stats | 1 Php-stats | 2026-04-16 | N/A |
| admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password. | ||||
| CVE-2005-2663 | 1 Masqmail | 1 Masqmail | 2026-04-16 | N/A |
| masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. | ||||
| CVE-2005-2664 | 1 Whisper32 | 1 Whisper32 | 2026-04-16 | N/A |
| Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. | ||||