Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0621 | 1 Zaireweb Solutions | 1 Newsletter Zws | 2026-04-16 | N/A |
| admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. | ||||
| CVE-2005-4047 | 1 Iisworks | 1 Aspknowledgebase | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. | ||||
| CVE-2006-3262 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| SQL injection vulnerability in the Weblinks module (weblinks.php) in Mambo 4.6rc1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | ||||
| CVE-2004-1911 | 1 Azerbaijan Development Group | 1 Azdgdating | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. | ||||
| CVE-2006-1128 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | ||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2026-04-16 | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | ||||
| CVE-2006-2557 | 1 Florian Amrhein | 1 Newsportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter. | ||||
| CVE-2006-2558 | 1 Iplogger | 1 Iplogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed. | ||||
| CVE-2006-2559 | 1 Linksys | 2 Wrt54g, Wrt54g V5 | 2026-04-16 | N/A |
| Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | ||||
| CVE-2006-2568 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter. | ||||
| CVE-2006-2570 | 1 Calogic | 1 Calogic Calendars | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php. NOTE: this might be due to a globals overwrite issue. | ||||
| CVE-2006-2572 | 1 Dian Gemilang | 1 Dgbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters. | ||||
| CVE-2006-2575 | 1 Pyrosoft Inc | 1 Netpanzer | 2026-04-16 | N/A |
| The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (crash) via a client flag (frameNum) that is greater than 41, which triggers an assert error. | ||||
| CVE-2006-2577 | 1 Docebo | 1 Docebo | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in (1) where_cms, (2) where_lms, (3) where_upgrade, (4) BBC_LIB_PATH, and (5) BBC_LANGUAGE_PATH parameters in various unspecified scripts. NOTE: the provenance of some of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2004-1921 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2026-04-16 | N/A |
| X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | ||||
| CVE-2006-4938 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | ||||
| CVE-2006-4941 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php. | ||||
| CVE-2006-4946 | 1 Cmsdevelopment | 1 Business Card Web Builder | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/startup.inc.php in CMSDevelopment Business Card Web Builder (BCWB) 0.99, and possibly 2.5 Beta and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2004-1922 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size. | ||||