Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1920 | 1 Pmtool | 1 Pmtool | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote attackers to execute arbitrary SQL commands via the order parameter in the include files (1) user.inc.php, (2) customer.inc.php, and (3) project.inc.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-2685 | 1 Savewebportal | 1 Savewebportal | 2026-04-16 | N/A |
| SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package. | ||||
| CVE-2005-2686 | 1 Savewebportal | 1 Savewebportal | 2026-04-16 | N/A |
| Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | ||||
| CVE-2006-1933 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (large or infinite loops) viarafted packets to the (1) UMA and (2) BER dissectors. | ||||
| CVE-2005-2687 | 1 Savewebportal | 1 Savewebportal | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | ||||
| CVE-2005-2688 | 1 Savewebportal | 1 Savewebportal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. | ||||
| CVE-2005-2689 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php. | ||||
| CVE-2005-2690 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | ||||
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | ||||
| CVE-2006-1941 | 1 Neon Software | 1 Neon Responder | 2026-04-16 | N/A |
| Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. | ||||
| CVE-2006-4488 | 1 Exbb | 1 Exbb Italia | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in modules/userstop/userstop.php in ExBB Italia 0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter. | ||||
| CVE-2005-2692 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | ||||
| CVE-2006-1949 | 1 Nicplex | 1 Plexcart | 2026-04-16 | N/A |
| SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter. | ||||
| CVE-2005-2705 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | ||||
| CVE-2005-2706 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | ||||
| CVE-2006-1959 | 1 Actualscripts | 1 Actualanalyzer | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter. | ||||
| CVE-2006-4491 | 1 Cybozu | 5 Collaborex, Cybozu Ag, Cybozu Pocket and 2 more | 2026-04-16 | N/A |
| Directory traversal vulnerability in Cybozu Collaborex, AG before 1.2(1.5), AG Pocket before 5.2(0.8), Mailwise before 3.0(0.3), and Garoon 1 before 1.5(4.1) allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2005-2707 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | ||||
| CVE-2006-1960 | 1 Cisco | 1 Wireless Lan Solution Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095. | ||||
| CVE-2006-4492 | 1 Cybozu | 1 Cybozu Office | 2026-04-16 | N/A |
| Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors. | ||||