Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1932 | 1 Lpanel | 1 Lpanel | 2026-04-16 | N/A |
| Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php. | ||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2026-04-16 | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | ||||
| CVE-2005-1945 | 1 Invision Power Services | 1 Invision Community Blog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. | ||||
| CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2026-04-16 | N/A |
| File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. | ||||
| CVE-2006-2564 | 1 Alstrasoft | 1 E-friends | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message. | ||||
| CVE-2005-1975 | 1 Annuaire | 1 1two | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php. | ||||
| CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | ||||
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | ||||
| CVE-2005-2074 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php. | ||||
| CVE-2005-2108 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | ||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | ||||
| CVE-2006-2578 | 1 Esyndicat | 1 Esyndicat Directory | 2026-04-16 | N/A |
| admin/cron.php in eSyndicat Directory 1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include arbitrary files and possibly execute arbitrary PHP code via a null-terminated value in the path_to_config parameter. | ||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2026-04-16 | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | ||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2026-04-16 | N/A |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | ||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2026-04-16 | N/A |
| xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | ||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | ||||
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | ||||
| CVE-2005-2244 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. | ||||
| CVE-2005-2261 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2026-04-16 | N/A |
| Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | ||||