Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4594 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in PHP Advanced Transfer Manager (phpAtm) 1.21 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the include_location parameter in (1) confirm.php or (2) login.php. NOTE: the include_location parameter to index.php is already covered by CVE-2005-1681. | ||||
| CVE-2006-4619 | 1 Avira | 1 Antivir Personal | 2026-04-16 | N/A |
| The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information. | ||||
| CVE-2006-4631 | 1 Softbb | 1 Softbb | 2026-04-16 | N/A |
| Direct static code injection vulnerability in admin/save_opt.php in SoftBB 0.1, and possibly earlier, allows remote authenticated users to upload and execute arbitrary PHP code via the cache_forum parameter, which saves the code to info_options.php, which is accessible via a direct request. | ||||
| CVE-2006-4651 | 1 Threesquared.net | 1 Php Download Script | 2026-04-16 | N/A |
| Directory traversal vulnerability in download/index.php, and possibly download.php, in threesquared.net (aka Ben Speakman) Php download allows remote attackers to overwrite arbitrary local files via .. (dot dot) sequence in the file parameter. | ||||
| CVE-2006-4652 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2026-04-16 | N/A |
| (1) Amazing Little Poll and (2) Amazing Little Picture Poll have a default password of "dsapoll", which allows remote attackers to create a new poll by entering default credentials via lp_admin.php. | ||||
| CVE-2006-4710 | 1 Newsgator | 1 Feeddemon | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NewsGator FeedDemon before 2.0.0.25 allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite. | ||||
| CVE-2006-4717 | 1 Drupal | 1 Drupal Pubcookie Module | 2026-04-16 | N/A |
| The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary users via unspecified vectors. | ||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | ||||
| CVE-2005-1159 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | ||||
| CVE-2005-3219 | 1 Avira | 1 Antivir Personal | 2026-04-16 | N/A |
| Multiple interpretation error in unspecified versions of Avira Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | ||||
| CVE-2002-0898 | 1 Opera Software | 1 Opera Web Browser | 2026-04-16 | N/A |
| Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline. | ||||
| CVE-2005-1165 | 1 Yager Development | 1 Yager Game | 2026-04-16 | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. | ||||
| CVE-2005-3679 | 1 Activecampaign | 1 1-2-all Broadcast Email | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in the admin control panel. | ||||
| CVE-2001-1394 | 2 Linux, Redhat | 2 Linux Kernel, Linux | 2026-04-16 | N/A |
| Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel before 2.2.19 allows local users to cause a denial of service. | ||||
| CVE-2002-0906 | 1 Sendmail | 1 Sendmail | 2026-04-16 | N/A |
| Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server. | ||||
| CVE-2005-3680 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter. | ||||
| CVE-2001-1396 | 2 Linux, Redhat | 2 Linux Kernel, Linux | 2026-04-16 | N/A |
| Unknown vulnerabilities in strnlen_user for Linux kernel before 2.2.19, with unknown impact. | ||||
| CVE-2005-1183 | 1 Mvnforum | 1 Mvnforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter. | ||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | ||||
| CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | ||||