Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3092 | 1 Image-line Software | 1 Fl Studio | 2026-04-16 | N/A |
| Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. | ||||
| CVE-2006-1353 | 1 Aspportal | 1 Aspportal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp. | ||||
| CVE-2005-3100 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service. | ||||
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | ||||
| CVE-2006-1369 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) 2.1.5 and earlier before 20060308 allows remote attackers to inject arbitrary web script or HTML via a Private Message (PM) in certain circumstances. | ||||
| CVE-2006-1379 | 1 Trend Micro | 1 Pc-cillin 2006 | 2026-04-16 | N/A |
| Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs such as (1) tmntsrv.exe and (2) tmproxy.exe. | ||||
| CVE-2005-3189 | 1 Qualcomm | 1 Worldmail Imap Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command. | ||||
| CVE-2006-1385 | 1 Kismac | 1 Kismac | 2026-04-16 | N/A |
| Stack-based buffer overflow in the parseTaggedData function in WavePacket.mm in KisMAC R54 through R73p allows remote attackers to execute arbitrary code via multiple SSIDs in a Cisco vendor tag in a 802.11 management frame. | ||||
| CVE-2005-3220 | 1 Norman | 1 Virus Control Antivirus | 2026-04-16 | N/A |
| Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
| CVE-2006-1395 | 1 Cholod | 1 Mysql Based Message Board | 2026-04-16 | N/A |
| SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message Board allows remote attackers to execute arbitrary SQL commands via unspecified vectors in a showmessage action, possibly the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2026-04-16 | N/A |
| SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | ||||
| CVE-2006-1653 | 1 Angelinecms | 1 Angelinecms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in loadkernel.php in AngelineCMS 0.8.1 allows remote attackers to execute arbitrary PHP code via a URL in the installPath parameter. | ||||
| CVE-2005-3856 | 1 Krusader | 1 Krusader | 2026-04-16 | N/A |
| The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites. | ||||
| CVE-2005-3875 | 1 Enterprise Heart | 1 Enterprise Connector | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php. | ||||
| CVE-2005-4139 | 1 Thwboard | 1 Thwboard Beta | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php. | ||||
| CVE-2006-1718 | 1 Clever Copy | 1 Clever Copy | 2026-04-16 | N/A |
| Magus Perde Clever Copy 3.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to view the database username and password via a direct request for connect.inc. | ||||
| CVE-2005-4160 | 1 Torrential | 1 Torrential | 2026-04-16 | N/A |
| Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument. | ||||
| CVE-2005-4165 | 1 Asp-dev | 1 Asp Resources Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp. | ||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | ||||
| CVE-2005-4178 | 2 Debian, Dropbear Ssh Project | 2 Debian Linux, Dropbear Ssh | 2026-04-16 | N/A |
| Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations. | ||||