Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4086 1 Ozjournals 1 Ozjournals 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2098 1 Native Solutions 1 Tbe Banner Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.
CVE-2004-2110 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2006-2059 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
CVE-2004-2113 1 Herberlin 1 Bremsserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2006-4121 1 See-commerce 1 See-commerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4125 1 Dconnect 1 Dconnect Daemon 2026-04-16 N/A
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.
CVE-2004-2118 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow.
CVE-2004-2123 1 Nextplace 1 E-commerce Asp Engine 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly (3) level parameter of ListCategories.asp.
CVE-2004-2139 1 Yabb 1 Yabb 2026-04-16 N/A
Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.
CVE-2004-2142 1 Jorg Schilling 1 Sdd 2026-04-16 N/A
Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.
CVE-2006-4143 1 Netgear 1 Fvg318 2026-04-16 N/A
Netgear FVG318 running firmware 1.0.40 allows remote attackers to cause a denial of service (router reset) via TCP packets with bad checksums.
CVE-2004-2149 1 Oracle 1 Mysql 2026-04-16 N/A
Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.
CVE-2004-2152 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.
CVE-2004-2156 1 Recruitment Agency Software 1 Online Recruitment Agency 2026-04-16 N/A
Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.
CVE-2004-2167 1 Latex2rtf 1 Latex2rtf 2026-04-16 N/A
Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.
CVE-2006-2061 1 Invision Power Services 2 Invision Board, Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in lib/func_taskmanager.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary SQL commands via the ck parameter, which can inject at most 32 characters.
CVE-2004-2171 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
CVE-2006-4754 1 Comscripts 1 Phprog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2006-2182 1 Albinator 1 Albinator 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter.