Export limit exceeded: 362848 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4454 1 Livejournal 1 Livejournal 2026-04-16 N/A
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
CVE-2006-3384 1 Vincent Leclercq 1 News 2026-04-16 N/A
SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) texte parameters.
CVE-2005-1029 1 Active Web Softwares 1 Active Auction House 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.
CVE-2006-0754 1 Dotproject 1 Dotproject 2026-04-16 N/A
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the administrator ignores the installation instructions as well as warnings generated by check.php
CVE-2006-3902 1 Phpfaber 1 Topsites 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-1034 1 Netwin 1 Surgeftp 2026-04-16 N/A
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
CVE-2006-0755 1 Dotproject 1 Dotproject 2026-04-16 5.6 Medium
Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product
CVE-2006-4966 1 Chumpsoft 1 Phpquestionnaire 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter.
CVE-2004-1822 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
CVE-2005-1035 1 Pavuk 1 Pavuk 2026-04-16 N/A
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact.
CVE-2005-3586 1 Mambo 1 Mambo 2026-04-16 N/A
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
CVE-2006-0760 1 Lighttpd 1 Lighttpd 2026-04-16 N/A
LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names.
CVE-2006-3910 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
CVE-2005-4463 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.
CVE-2006-0761 1 Rim 1 Blackberry Enterprise Server 2026-04-16 N/A
Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
CVE-2006-4967 1 Nextage 1 Nextage Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart allow remote attackers to inject arbitrary web script or HTML via (1) the CatId parameter in a product category action in index.php or (2) the SearchWd parameter in an index search action in index.php.
CVE-2006-4968 1 Postnuke Software Foundation 1 Pnphpbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in includes/functions_admin.php in PNphpBB 1.2g allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
CVE-2005-3621 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
CVE-2006-3913 1 Freeciv 1 Freeciv 2026-04-16 N/A
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.
CVE-2005-1038 2 Paul Vixie, Redhat 2 Vixie Cron, Enterprise Linux 2026-04-16 N/A
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235.