Export limit exceeded: 364070 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364070 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3676 1 Planet Concept 1 Planetgallery 2026-04-16 N/A
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression check for safe file types.
CVE-2006-3563 1 Winged Gallery 1 Winged Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in gallery/thumb.php in Winged Gallery 1.0 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
CVE-2003-0452 1 Gunnar Ritter 1 Osh 2026-04-16 N/A
Buffer overflows in osh before 1.7-11 allow local users to execute arbitrary code and bypass shell restrictions via (1) long environment variables or (2) long "file redirections."
CVE-2003-0451 1 Xblockout 1 Xbl 2026-04-16 N/A
Multiple buffer overflows in xbl before 1.0k allow local users to gain privileges via certain long command line arguments.
CVE-2003-0448 1 Aboleo.net 1 Portmon 2026-04-16 N/A
Portmon 1.7 and possibly earlier versions allows local users to read and write arbitrary files via the (1) -c (host file) or (2) -l (log file) command line options.
CVE-2003-0444 1 Gtksee 1 Gtksee 2026-04-16 N/A
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.
CVE-2006-3556 1 Extcalendar 1 Extcalendar 2026-04-16 N/A
PHP remote file inclusion vulnerability in extcalendar.php in Mohamed Moujami ExtCalendar 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2003-0438 1 Yuuichi Teranishi 1 Eldav 2026-04-16 N/A
eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
CVE-2003-0436 1 Mnogosearch 1 Mnogosearch 2026-04-16 N/A
Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote attackers to execute arbitrary code via a long ul parameter.
CVE-2006-3552 1 Ipswitch 2 Ipswitch Collaboration Suite, Ipswitch Secure Server 2026-04-16 N/A
Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium, when using a certain .dat file in the StarEngine /data directory from 20060630 or earlier, does not properly receive and implement bullet signature updates, which allows context-dependent attackers to use the server for spam transmission.
CVE-2005-0582 1 Broadcom 1 License Software 2026-04-16 N/A
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
CVE-2005-0572 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
CVE-2005-2588 1 Dvbbs 1 Dvbbs 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter to dispbbs.asp, (2) name parameter to dispuser.asp, or the (3) title, (4) view, or (5) act parameter to boardhelp.asp.
CVE-2005-0548 1 Sun 1 Solaris Answerbook2 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function.
CVE-2003-0381 1 Norman Ramsey 1 Noweb 2026-04-16 N/A
Multiple vulnerabilities in noweb 2.9 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files via multiple vectors including the noroff script.
CVE-2003-0371 1 Prishtina Soft 1 Prishtina Ftp 2026-04-16 N/A
Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers to cause a denial of service (crash) and possibly execute arbitrary code via a long FTP banner.
CVE-2005-0544 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.
CVE-2003-0360 1 Debian 1 Debian Linux 2026-04-16 N/A
Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2006-3536 1 Ej3 1 Topo 2026-04-16 N/A
Direct static code injection vulnerability in code/class_db_text.php in EJ3 TOPo 2.2.178 and earlier allows remote attackers to execute arbitrary PHP code via parameters such as (1) descripcion and (2) pais, which are stored directly in a PHP script. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.
CVE-2006-3535 1 Nullsoft 1 Shoutcast Dsp 2026-04-16 N/A
Directory traversal vulnerability in Nullsoft SHOUTcast DSP before 1.9.7 allows remote attackers to read arbitrary files via unspecified vectors that are a "slight variation" of CVE-2006-3534.