Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2567 | 1 Recipants | 1 Recipants | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | ||||
| CVE-2006-2132 | 1 Duware | 1 Duclassified | 2026-04-16 | N/A |
| SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2133 | 1 Boonex | 1 Barracuda | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) link_dir_target and (2) link_id_target parameter, possibly involving the link_edit functionality. | ||||
| CVE-2006-4653 | 2 Amazing Little Picture Poll, Amazing Little Poll | 2 Amazing Little Picture Poll, Amazing Little Poll | 2026-04-16 | N/A |
| (1) Amazing Little Poll and (2) Amazing Little Picture Poll store sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password via a direct request for the lp_settings file (lp_settings.inc or lp_settings.php). | ||||
| CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | ||||
| CVE-2006-2135 | 1 Ruperts News | 1 Ruperts News | 2026-04-16 | N/A |
| SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter. | ||||
| CVE-2006-4657 | 1 Panda | 1 Panda Platinum Internet Security | 2026-04-16 | N/A |
| Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE. | ||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | ||||
| CVE-2006-2137 | 1 Openphpnuke | 1 Openphpnuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in master.php in OpenPHPNuke and 2.3.3 earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2006-2140 | 1 Orbitscripts | 1 Orbithyip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 and earlier allow remote attackers to inject arbitrary web script via the (1) referral parameter to signup.php or (2) id parameter to members.php. | ||||
| CVE-2004-2589 | 1 Rob Flynn | 1 Gaim | 2026-04-16 | N/A |
| Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | ||||
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | ||||
| CVE-2006-4754 | 1 Comscripts | 1 Phprog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProg before 1.1 allows remote attackers to inject arbitrary web script or HTML via the album parameter, which is used in an opendir call. NOTE: the same primary issue can be used for full path disclosure with an invalid parameter that reveals the installation path in an error message. | ||||
| CVE-2006-2182 | 1 Albinator | 1 Albinator | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, (2) eshow.php, or (3) forgot.php in albinator 2.0.8 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the Config_rootdir parameter. | ||||
| CVE-2006-2187 | 1 Zenphoto | 1 Zenphoto | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. | ||||
| CVE-2006-2188 | 1 Cmscout | 1 Cmscout | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. | ||||
| CVE-2006-2190 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ow-shared.pl in OpenWebMail (OWM) 2.51 and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter in (1) openwebmail-send.pl, (2) openwebmail-advsearch.pl, (3) openwebmail-folder.pl, (4) openwebmail-prefs.pl, (5) openwebmail-abook.pl, (6) openwebmail-read.pl, (7) openwebmail-cal.pl, and (8) openwebmail-webdisk.pl. NOTE: the openwebmail-main.pl vector is already covered by CVE-2005-2863. | ||||
| CVE-2006-4770 | 1 Miniportal | 1 Miniportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. | ||||
| CVE-2004-2625 | 1 Outblaze | 1 Outblaze Email | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. | ||||
| CVE-2004-2637 | 1 Zonet | 1 Zsr1104we Wireless Router Runtime Code | 2026-04-16 | N/A |
| The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. | ||||