Export limit exceeded: 346159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346159 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2026-04-16 | N/A |
| SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | ||||
| CVE-2006-3281 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop events, which allows remote user-assisted attackers to execute arbitrary code via a link to an SMB file share with a filename that contains encoded ..\ (%2e%2e%5c) sequences and whose extension contains the CLSID Key identifier for HTML Applications (HTA), aka "Folder GUID Code Execution Vulnerability." NOTE: directory traversal sequences were used in the original exploit, although their role is not clear. | ||||
| CVE-2005-1941 | 1 Silvercity Project | 1 Silvercity | 2026-04-16 | 7.8 High |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | ||||
| CVE-2005-1936 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2026-04-16 | N/A |
| Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access." | ||||
| CVE-2005-1729 | 1 Novell | 1 Edirectory | 2026-04-16 | N/A |
| Novell eDirectory 8.7.3 allows remote attackers to cause a denial of service (application crash) via a URL containing an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1. | ||||
| CVE-2006-2504 | 1 Azboard | 1 Azboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp. | ||||
| CVE-2005-1732 | 1 Metro Marketing | 1 Cookie Cart | 2026-04-16 | N/A |
| Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. | ||||
| CVE-2005-1736 | 1 Electricmonk | 1 Proms | 2026-04-16 | N/A |
| PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. | ||||
| CVE-2006-2505 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | ||||
| CVE-2005-1741 | 1 Gearbox Software | 1 Halo Combat Evolved | 2026-04-16 | N/A |
| Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data. | ||||
| CVE-2005-1742 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users with the Monitor security role to "shrink or reset JDBC connection pools." | ||||
| CVE-2006-2506 | 1 Sphider | 1 Sphider | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | ||||
| CVE-2006-2508 | 1 Yourfreeworld | 1 Stylish Text Ads Script | 2026-04-16 | N/A |
| SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | ||||
| CVE-2006-2511 | 1 Frontrange | 1 Iheat | 2026-04-16 | N/A |
| The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | ||||
| CVE-2006-2512 | 1 Hitachi | 4 Eur Print Service, Eur Print Service For Ilf, Eur Professional and 1 more | 2026-04-16 | N/A |
| SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2006-2515 | 1 Hiox India | 1 Guest Book | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | ||||
| CVE-2006-2516 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | ||||
| CVE-2005-1747 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password. | ||||
| CVE-2005-1749 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2026-04-16 | N/A |
| Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 Service Pack 4 allows remote attackers to cause a denial of service (CPU consumption from thread looping). | ||||
| CVE-2005-1751 | 2 Redhat, Shtool | 2 Enterprise Linux, Shtool | 2026-04-16 | N/A |
| Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759. | ||||