Export limit exceeded: 363759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363759 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2682 1 Back-end 1 Back-end Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
CVE-2006-4834 1 Phpquiz 1 Phpquiz 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
CVE-2005-1264 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
CVE-2006-4836 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
CVE-2006-4837 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2006-0685 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
CVE-1999-0532 2026-04-16 N/A
A DNS server allows zone transfers.
CVE-2005-1287 1 Bk Dev 1 Bk Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
CVE-2006-4897 1 Cmtexts 1 Cmtexts 2026-04-16 N/A
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
CVE-2005-1328 1 Oneworldstore 1 Oneworldstore 2026-04-16 N/A
OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp.
CVE-2006-0695 1 Ansilove 1 Ansilove 2026-04-16 N/A
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
CVE-2006-4944 1 Boesch It-consulting 1 Progsys 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/pear/Net/DNS/RR.php in ProgSys 0.151 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpdns_basedir parameter.
CVE-2006-4956 1 Neosys 1 Neon Webmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
CVE-2005-1332 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.
CVE-2006-4324 1 Cityforfree 1 Indexcity 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add_url2.php in CityForFree indexcity 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2005-0947 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.
CVE-2006-4323 1 Cityforfree 1 Indexcity 2026-04-16 N/A
SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter.
CVE-2006-4316 1 Ssh 1 Tectia Manager 2026-04-16 N/A
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
CVE-2006-4312 1 Cisco 9 Adaptive Security Appliance, Pix Firewall 501, Pix Firewall 506 and 6 more 2026-04-16 N/A
Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive Security Appliances, when running 7.0(x) up to 7.0(5) and 7.1(x) up to 7.1(2.4), and Firewall Services Module (FWSM) 3.1(x) up to 3.1(1.6), causes the EXEC password, local user passwords, and the enable password to be changed to a "non-random value" under certain circumstances, which causes administrators to be locked out and might allow attackers to gain access.
CVE-2006-4291 1 Phlymail 1 Phlymail Lite 2026-04-16 N/A
PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter.