Export limit exceeded: 364055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4826 1 Shadowed Portal 1 Shadowed Portal 2026-04-16 N/A
PHP remote file inclusion vulnerability in bottom.php in Shadowed Portal 5.599 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.
CVE-2006-4827 1 Vmist 1 Downstat 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat 1.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the art parameter to (1) admin.php, (2) chart.php, (3) modes.php, or (4) stats.php.
CVE-2006-4829 1 Blojsom 1 Blojsom 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki Blojsom 2.31 allow remote attackers to inject arbitrary web script or HTML via the (1) blog-category-description, (2) blog-entry-title, (3) rss-enclosure-url, (4) technorati-tagsi, or (5) blog-category-name parameter in a blog post.
CVE-2006-4830 1 Blojsom 1 Blojsom 2026-04-16 N/A
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
CVE-2005-1241 1 Powertech 1 Powerlock Networksecurity 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2006-4833 1 Verso Netperformer 1 Frame Relay Access Device Act 2026-04-16 N/A
Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
CVE-2006-2682 1 Back-end 1 Back-end Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter.
CVE-2006-4834 1 Phpquiz 1 Phpquiz 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Jule Slootbeek phpQuiz 0.01 allows remote attackers to execute arbitrary PHP code via a URL in the pagename parameter.
CVE-2005-1264 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589.
CVE-2006-4836 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: The lostpassword.php and calendar.php vectors are already covered by CVE-2005-3365, and the search.php vector is already covered by CVE-2005-4227.
CVE-2006-4837 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE 6.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) library/lib.php and (2) library/editor/editor.php. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message.
CVE-2006-0685 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
CVE-1999-0532 2026-04-16 N/A
A DNS server allows zone transfers.
CVE-2005-1287 1 Bk Dev 1 Bk Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
CVE-2006-4897 1 Cmtexts 1 Cmtexts 2026-04-16 N/A
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.
CVE-2005-1328 1 Oneworldstore 1 Oneworldstore 2026-04-16 N/A
OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp.
CVE-2006-0695 1 Ansilove 1 Ansilove 2026-04-16 N/A
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory.
CVE-2006-4956 1 Neosys 1 Neon Webmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
CVE-2005-1332 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.
CVE-2006-0714 1 Flyspray 1 Flyspray 2026-04-16 N/A
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.