Export limit exceeded: 29907 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29907 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2962 | 1 Oxfam Australia | 1 Emergencies Personnel Information System | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. | ||||
| CVE-2005-1700 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in pnadmin.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to execute arbitrary SQL commands via the riga[0] parameter. | ||||
| CVE-2006-2969 | 1 L0j1k | 1 Tinymuw | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box in quickchat.php, and possibly other manipulations. | ||||
| CVE-2006-2972 | 1 Arantius | 1 Vice Stats | 2026-04-16 | N/A |
| SQL injection vulnerability in vs_resource.php in Arantius Vice Stats 0.5b and 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2005-1701 | 1 Portailphp | 1 Portailphp | 2026-04-16 | N/A |
| SQL injection vulnerability in PortailPHP 1.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to the (1) News, (2) File, (3) Liens, or (4) Faq modules. | ||||
| CVE-2006-2981 | 1 Arantius | 1 Vice Stats | 2026-04-16 | N/A |
| SQL injection vulnerability in vs_search.php in Arantius Vice Stats before 1.0.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors, a different issue than CVE-2006-2972. | ||||
| CVE-2006-2988 | 1 Chemical Dictionary | 1 Chemical Dictionary | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. | ||||
| CVE-2005-1733 | 1 Metro Marketing | 1 Cookie Cart | 2026-04-16 | N/A |
| Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt. | ||||
| CVE-1999-1311 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges. | ||||
| CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2026-04-16 | N/A |
| Format string vulnerability in the logPrintBadfile function in delbadfiles.c Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | ||||
| CVE-2005-1740 | 2 Net-snmp, Redhat | 2 Net-snmp, Enterprise Linux | 2026-04-16 | N/A |
| fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files insecurely, which allows local users to modify the contents of those files to execute arbitrary commands, or overwrite arbitrary files via a symlink attack. | ||||
| CVE-2005-1746 | 2 Bea, Oracle | 2 Weblogic Server, Weblogic Portal | 2026-04-16 | N/A |
| The cluster cookie parsing code in BEA WebLogic Server 7.0 through Service Pack 5 attempts to contact any host or port specified in a cookie, even when it is not in the cluster, which allows remote attackers to cause a denial of service (cluster slowdown) via modified cookies. | ||||
| CVE-2006-3013 | 1 Eschew.net | 1 Phpbannerexchange | 2026-04-16 | N/A |
| Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null (%00) character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could be argued that this vulnerability is due to a bug in the eregi PHP command and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in phpBannerExchange. | ||||
| CVE-2006-3034 | 1 Myscrapbook | 1 Myscrapbook | 2026-04-16 | N/A |
| MyScrapbook 3.1 allows remote attackers to obtain sensitive information via a direct request to files in the txt-db-api directory such as txt-db-api/sql.php, which reveals the path in an error message. | ||||
| CVE-2006-3043 | 1 Cfxe-cms | 1 Cfxe-cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe (CFXe) CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the voltext_suche parameter. | ||||
| CVE-1999-1279 | 1 Microsoft | 1 Sna Server | 2026-04-16 | N/A |
| An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU. | ||||
| CVE-2006-3809 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context. | ||||
| CVE-2006-3830 | 1 Kailash Nadh | 1 Boastmachine | 2026-04-16 | N/A |
| The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files. | ||||
| CVE-2006-3925 | 1 Interactual Technologies | 1 Interactual Player | 2026-04-16 | N/A |
| Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-1999-1257 | 1 Xyplex | 1 Maxserver Xyplex Terminal Server | 2026-04-16 | N/A |
| Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark). | ||||