Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1694 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.
CVE-2006-2927 1 Xfairguy 1 Codeavalanche Freeforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-1695 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_url parameter to magpie_slashbox.php, or the url parameter to (2) magpie_simple.php or (3) magpie_debug.php.
CVE-2006-2981 1 Arantius 1 Vice Stats 2026-04-16 N/A
SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972.
CVE-2002-0867 1 Microsoft 1 Virtual Machine 2026-04-16 N/A
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
CVE-2006-2988 1 Chemical Dictionary 1 Chemical Dictionary 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action.
CVE-2002-1112 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
CVE-2005-1733 1 Metro Marketing 1 Cookie Cart 2026-04-16 N/A
Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt.
CVE-2005-1740 2 Net-snmp, Redhat 2 Net-snmp, Enterprise Linux 2026-04-16 N/A
fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack.
CVE-2005-1746 2 Bea, Oracle 2 Weblogic Server, Weblogic Portal 2026-04-16 N/A
The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies.
CVE-2002-1138 1 Microsoft 2 Data Engine, Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
CVE-2006-3013 1 Eschew.net 1 Phpbannerexchange 2026-04-16 N/A
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange.
CVE-2006-3859 1 Ibm 1 Informix Dynamic Database Server 2026-04-16 N/A
IBM Informix Dynamic Server (IDS) allows remote authenticated users to create and overwrite arbitrary files via the (1) LOTOFILE and (2) trl_tracefile_set functions, and the (3) "SET DEBUG FILE" commands.
CVE-2006-3860 1 Ibm 1 Informix Dynamic Database Server 2026-04-16 N/A
IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before 10.00.xC3 allows allows remote authenticated users to execute arbitrary commands via the (1) "SET DEBUG FILE" SQL command, and the (2) start_onpload and (3) dbexp functions.
CVE-2006-3884 1 Gonafish 1 Linkscaffe 2026-04-16 N/A
Multiple SQL injection vulnerabilities in links.php in Gonafish LinksCaffe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) offset and (2) limit parameters, (3) newdays parameter in a new action, and the (4) link_id parameter in a deadlink action. NOTE: this issue can also be used for path disclosure by a forced SQL error, or to modify PHP files using OUTFILE.
CVE-2006-3959 1 X-scripts 1 X-statistics 2026-04-16 N/A
SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter.
CVE-2006-4161 1 Xennobb 1 Xennobb 2026-04-16 N/A
Directory traversal vulnerability in the avatar_gallery action in profile.php in XennoBB 2.1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the category parameter.
CVE-2006-4164 1 Phpprintanalyzer 1 Phpprintanalyzer 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/header.inc.php in phpPrintAnalyzer 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ficStyle parameter.
CVE-2006-4196 1 Webinsta 1 Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in WEBInsta CMS 0.3.1 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the templates_dir parameter.
CVE-2006-4277 1 Tutti Nova 1 Tutti Nova 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the TNLIB_DIR parameter to (1) include/novalib/class.novaAdmin.mysql.php and (2) novalib/class.novaRead.mysql.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.