Export limit exceeded: 363819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363819 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2036 1 Cool Cafe Chat 1 Cool Cafe Chat 2026-04-16 N/A
modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.
CVE-2006-0870 1 Mini-nuke 1 Mini-nuke Cms 2026-04-16 N/A
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as well.
CVE-2005-2038 1 Fortibus 1 Fortibus Cms 2026-04-16 N/A
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.
CVE-2002-1764 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0772 4 Debian, Mit, Openpkg and 1 more 4 Debian Linux, Kerberos 5, Openpkg and 1 more 2026-04-16 9.8 Critical
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
CVE-2006-0873 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
CVE-2006-0879 1 Phpoutsourcing 1 Noahs Classifieds 2026-04-16 N/A
SQL injection vulnerability in the search tool in Noah's Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
CVE-2006-1941 1 Neon Software 1 Neon Responder 2026-04-16 N/A
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
CVE-2005-2080 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.
CVE-2006-3317 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote attackers to execute arbitrary code via a URL in the phpraid_dir parameter to (1) announcements.php and (2) rss.php, a different set of vectors and affected versions than CVE-2006-3316 and CVE-2006-3116.
CVE-2005-2097 3 Kde, Redhat, Xpdf 3 Kpdf, Enterprise Linux, Xpdf 2026-04-16 N/A
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
CVE-2006-2260 1 Drupal 1 Drupal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the project module (project.module) in Drupal 4.5 and 4.6 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-2263 1 Virtual Programming 1 Vp-asp 2026-04-16 N/A
SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2005-2107 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
CVE-2005-2007 1 Edgewall Software 1 Trac 2026-04-16 N/A
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
CVE-2006-2727 1 Epic Designs 1 Eggblog 2026-04-16 N/A
home/register.php in Eggblog before 3.0 allows remote attackers to change the password of administrators and possibly other users via a modified username parameter.
CVE-2006-0864 1 Hauri 1 Virobot 2026-04-16 N/A
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.
CVE-2006-0861 1 Michael Salzer 1 Guestbox 2026-04-16 N/A
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog.
CVE-2005-2000 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php.
CVE-2001-1499 1 Checkpoint 1 Vpn-1 2026-04-16 N/A
Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.