Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2396 1 Phpodp 1 Phpodp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter.
CVE-2005-0883 1 Digitalhive 1 Digitalhive 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page.
CVE-2005-0900 1 Nukebookmarks 1 Nukebookmarks 2026-04-16 N/A
marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message.
CVE-2006-2397 1 Gphotos 1 Gphotos 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) rep parameter to (a) index.php or (b) diapo.php or (2) image parameter to (c) affich.php. NOTE: item 1a might be resultant from directory traversal.
CVE-2005-0911 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
CVE-2006-2402 1 Outgun 1 Outgun 2026-04-16 N/A
Buffer overflow in the changeRegistration function in servernet.cpp for Outgun 1.0.3 bot 2 and earlier allows remote attackers to change the registration information of other players via a long string.
CVE-2006-2405 1 Unclassified Newsboard 1 Unclassified Newsboard 2026-04-16 N/A
Directory traversal vulnerability in unb_lib/abbc.conf.php in Unclassified NewsBoard (UNB) 1.6.1 patch 1 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the ABBC[Config][smileset] parameter to unb_lib/abbc.css.php.
CVE-2005-0937 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while another thread is executing mmap or other functions.
CVE-2005-0943 1 Cisco 8 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 5 more 2026-04-16 N/A
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
CVE-2005-0969 1 Apple 1 Mac Os X 2026-04-16 N/A
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
CVE-2005-0973 1 Apple 1 Mac Os X 2026-04-16 N/A
Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.
CVE-2006-2406 1 Unclassified Newsboard 1 Unclassified Newsboard 2026-04-16 N/A
Directory traversal vulnerability in bb_lib/abbc.css.php in Unclassified NewsBoard (UNB) 1.5.3-d and possibly earlier versions, when register_globals is enabled, allows remote attackers to include arbitrary files via .. (dot dot) sequences and a trailing null byte (%00) in the design_path parameter. NOTE: this is closely related, but a different vulnerability than the ABBC[Config][smileset] parameter.
CVE-2006-2410 1 Raydium 1 Raydium 2026-04-16 N/A
raydium_network_netcall_exec function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a packet of type 0xFF, which causes a null dereference.
CVE-2005-1087 1 An 1 An-httpd 2026-04-16 N/A
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
CVE-2006-2412 1 Raydium 1 Raydium 2026-04-16 N/A
The raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to cause a denial of service (application crash) via a large ID, which causes an invalid memory access (buffer over-read).
CVE-2005-1174 2 Mit, Redhat 2 Kerberos 5, Enterprise Linux 2026-04-16 N/A
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
CVE-2006-2419 1 Php 1 Directory Listing Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter.
CVE-2005-1216 1 Microsoft 1 Isa Server 2026-04-16 N/A
Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
CVE-2006-2423 1 Swsoft 1 Confixx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
CVE-2005-1218 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.