Export limit exceeded: 361754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 361754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1910 1 S9y 1 Serendipity 2026-04-16 N/A
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-1092 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed.
CVE-2006-3622 1 Dream4 1 Koobi Pro 2026-04-16 N/A
The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' (single quote) in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error.
CVE-2000-1119 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
CVE-2005-2284 1 Esi Products 1 Webeoc 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
CVE-2006-4321 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
CVE-2005-2892 1 Pblang 1 Pblang 2026-04-16 N/A
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
CVE-2006-1122 1 D2ksoft 1 D2kblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2006-4720 1 Mcgallery 1 Mcgallery Pro 2026-04-16 N/A
PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
CVE-2006-4764 1 Wtools 1 Wtools 2026-04-16 N/A
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
CVE-2005-0220 1 Gallery Project 1 Gallery 2026-04-16 N/A
Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.
CVE-2005-0248 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.
CVE-2006-1156 1 Manas Tungare 1 Site Membership Script 2026-04-16 N/A
SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp.
CVE-2005-3387 1 Luca Deri 1 Ntop 2026-04-16 N/A
The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.
CVE-2006-1166 1 Monotone 1 Monotone 2026-04-16 N/A
Monotone 0.25 and earlier, when a user creates a file in a directory called "mt", and when checking out that file on a case-insensitive file system such as Windows or Mac OS X, places the file into the "MT" bookkeeping directory, which could allow context-dependent attackers to execute arbitrary Lua programs as the user running monotone.
CVE-2006-1933 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors.
CVE-2005-3448 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
CVE-2005-3406 1 Butterfat 1 Phpesp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-4989 1 Patrick Michaelis 1 Wili-cms 2026-04-16 N/A
Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
CVE-2005-0279 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.