Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | ||||
| CVE-2005-1783 | 1 W.m.r. Simpson | 1 Bookreview | 2026-04-16 | N/A |
| BookReview beta 1.0 allows remote attackers to obtain the path of the web server via certain parameters to search.htm, possibly due to a search[string] parameter with a missing value or an incorrect submit[type] value, which reveals the path in the resulting error message. NOTE: it is not clear whether BookReview is available to the public. If not, then it should not be included in CVE. | ||||
| CVE-2006-2524 | 1 Usebb | 1 Usebb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | ||||
| CVE-2005-1788 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | ||||
| CVE-2005-1789 | 1 India Software Solution | 1 Shopping Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in SignIn.asp in India Software Solution shopping cart allows remote attackers to execute arbitrary SQL commands via the password. | ||||
| CVE-2005-1801 | 1 Nokia | 1 9500 | 2026-04-16 | N/A |
| The vCard viewer in Nokia 9500 allows attackers to cause a denial of service (crash) via a vCard with a long Name field, which causes the crash when the user views it. | ||||
| CVE-2005-1803 | 1 Net Portal Dynamic System | 1 Net Portal Dynamic System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Net Portal Dynamic System (NPDS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) admin.php, or (2) powerpack_f.php, (3) the sitename parameter to sdv_infos.php, (4) the categories parameter to faq.php, (5) the lettre parameter to the glossaire module, (6) the title parameter to reviews.php, or (7) the image_subject parameter to reply.php. | ||||
| CVE-2005-1808 | 1 Firefly Studios | 1 Stronghold 2 | 2026-04-16 | N/A |
| Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception. | ||||
| CVE-2006-2529 | 1 Fckeditor | 1 Fckeditor | 2026-04-16 | N/A |
| editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types. NOTE: It is not clear whether this is related to CVE-2006-0658. | ||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | ||||
| CVE-2005-1896 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | ||||
| CVE-2005-1900 | 1 Sawmill | 1 Sawmill | 2026-04-16 | N/A |
| Sawmill before 7.1.6 allows remote attackers to bypass authentication and (1) gain administrative privileges or (2) add a license. | ||||
| CVE-2005-1914 | 1 Centericq | 1 Centericq | 2026-04-16 | N/A |
| CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. | ||||
| CVE-2006-2539 | 1 Sybase | 1 Easerver | 2026-04-16 | N/A |
| Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in javax.swing.JPasswordField component. | ||||
| CVE-2006-2541 | 1 John Andersson | 1 Zixforum | 2026-04-16 | N/A |
| SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp. | ||||
| CVE-2006-2543 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2026-04-16 | N/A |
| Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php. | ||||
| CVE-2006-2544 | 1 Xtreme Scripts | 1 Xtreme Topsites | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php and (2) id parameter in stats.php. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. | ||||
| CVE-2005-1932 | 1 Lpanel | 1 Lpanel | 2026-04-16 | N/A |
| Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php. | ||||
| CVE-2006-2554 | 1 Genecys | 1 Genecys | 2026-04-16 | N/A |
| Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments. | ||||
| CVE-2005-2019 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. | ||||