Export limit exceeded: 361712 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361712 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (361712 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4057 1 Mitch Murray 1 Eremove 2026-04-16 N/A
Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.
CVE-2006-4058 1 Simplog 1 Simplog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in archive.php in Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyw parameter when performing a search. NOTE: some details are obtained from third party information.
CVE-2006-2052 1 Verosky Media 1 Instant Photo Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. NOTE: the original report may be inaccurate, since the "viewpro" string does not appear in the source code for version 1.0.2 of the product.
CVE-2004-2052 1 Esesix 1 Thintune 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
CVE-2004-2056 1 Nucleus Group 1 Nucleus Cms 2026-04-16 N/A
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.
CVE-2004-2059 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2060 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
CVE-2004-2062 1 Antiboard 1 Antiboard 2026-04-16 N/A
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.
CVE-2004-2074 1 Bolintech 1 Dream Ftp Server 2026-04-16 N/A
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
CVE-2004-2075 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
CVE-2004-2076 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2006-4086 1 Ozjournals 1 Ozjournals 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino Online Zone Journals (OZJournals) 1.5 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2098 1 Native Solutions 1 Tbe Banner Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.
CVE-2004-2110 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2006-4111 1 Rubyonrails 2 Rails, Ruby On Rails 2026-04-16 N/A
Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby code with "severe" or "serious" impact via a File Upload request with an HTTP header that modifies the LOAD_PATH variable, a different vulnerability than CVE-2006-4112.
CVE-2006-2059 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "#e" (execute) modifier.
CVE-2004-2113 1 Herberlin 1 Bremsserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2006-4121 1 See-commerce 1 See-commerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce 1.0.625 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2006-4125 1 Dconnect 1 Dconnect Daemon 2026-04-16 N/A
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.
CVE-2004-2118 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow.