Export limit exceeded: 349416 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29913 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4166 | 1 Duware | 1 Duportal Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | ||||
| CVE-2006-3550 | 1 F5 | 1 Firepass 4100 | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks FirePass 4100 5.x allow remote attackers to inject arbitrary web script or HTML via unspecified "writable form fields and hidden fields," including "authentication frontends." | ||||
| CVE-2006-3553 | 1 Planet Concept | 1 Planetnews | 2026-04-16 | N/A |
| PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. | ||||
| CVE-2006-3554 | 1 Mkportal | 1 Mkportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by using a gl_session cookie to inject PHP sequences into the error.log file, which is then included by index.php with malicious commands accessible by the ind parameter. | ||||
| CVE-2006-3555 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. | ||||
| CVE-2006-3558 | 1 Arif Supriyanto | 1 Auracms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to inject arbitrary web script or HTML via (1) the judul_artikel parameter in teman.php and (2) the title of an article sent to admin, which is displayed when unauthenticated users visit index.php. | ||||
| CVE-2006-3559 | 1 Arif Supriyanto | 1 Auracms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 allow remote attackers to execute arbitrary SQL commands and delete all shoutbox messages via the (1) name and (2) pesan parameters. | ||||
| CVE-2006-3560 | 1 Blue Dojo | 1 Graffiti Forums | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums 1.0 allows remote attackers to execute arbitrary SQL commands via the f parameter. | ||||
| CVE-2003-0045 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp. | ||||
| CVE-2006-3566 | 1 Hivemail | 1 Hivemail | 2026-04-16 | N/A |
| search.results.php in HiveMail 3.1 and earlier allows remote attackers to obtain the installation path via certain manipulations related to the (1) searchdate and (2) folderids parameters. | ||||
| CVE-2005-4168 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username. | ||||
| CVE-2006-3574 | 1 Hitachi | 3 Cosminexus Collaboration Portal, Groupmax Collaboration Portal, Groupmax Collaboration Web Client | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Groupmax Collaboration Portal and Web Client before 07-20-/D, and uCosminexus Collaboration Portal and Forum/File Sharing before 06-20-/C, allow remote attackers to "execute malicious scripts" via unknown vectors (aka HS06-014-01). | ||||
| CVE-2005-4169 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. | ||||
| CVE-2005-4174 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used. | ||||
| CVE-2006-3590 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | N/A |
| mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493. | ||||
| CVE-2006-3592 | 1 Cisco | 1 Unified Callmanager | 2026-04-16 | N/A |
| Unspecified vulnerability in the command line interface (CLI) in Cisco Unified CallManager (CUCM) 5.0(1) through 5.0(3a) allows local users to execute arbitrary commands with elevated privileges via unspecified vectors, involving "certain CLI commands," aka bug CSCse11005. | ||||
| CVE-2006-3595 | 1 Cisco | 1 Router Web Setup | 2026-04-16 | N/A |
| The default configuration of IOS HTTP server in Cisco Router Web Setup (CRWS) before 3.3.0 build 31 does not require credentials, which allows remote attackers to access the server with arbitrary privilege levels, aka bug CSCsa78190. | ||||
| CVE-2005-4176 | 1 Award | 1 Award Bios Modular | 2026-04-16 | N/A |
| AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. | ||||
| CVE-2006-3596 | 1 Cisco | 1 Ips Sensor Software | 2026-04-16 | N/A |
| The device driver for Intel-based gigabit network adapters in Cisco Intrusion Prevention System (IPS) 5.1(1) through 5.1(p1), as installed on various Cisco Intrusion Prevention System 42xx appliances, allows remote attackers to cause a denial of service (kernel panic and possibly network outage) via a crafted IP packet. | ||||
| CVE-2006-3597 | 1 Ubuntu | 1 Ubuntu Linux | 2026-04-16 | N/A |
| passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password blank instead of locking it when the administrator selects the "Go Back" option after the final "Installation complete" message and uses the main menu, which causes the password to be zeroed out in the installer's memory. | ||||