Export limit exceeded: 359813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4211 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | ||||
| CVE-2006-1205 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in myWebland myBloggie 2.1.3 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) confirmredirect and (2) post_id parameters in (a) delcomment.php, as reachable when mode=delcom from index.php; and the (3) del and (4) message parameters in (b) upload.php, the (5) errormsg parameter in (c) addcat.php, (d) edituser.php, (e) adduser.php, and (f) editcat.php, the (6) trackback_url parameter in (g) add.php, (7) id parameter in (h) deluser.php, (8) cat_id parameter in (i) delcat.php, and (9) post_id parameter in (j) del.php, as reachable from admin.php. | ||||
| CVE-2006-4212 | 1 B0zz And Chris Vincent | 1 Owl Intranet Engine | 2026-04-16 | N/A |
| SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet Engine 0.90 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | ||||
| CVE-2005-1653 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2006-1206 | 1 Dropbear Ssh Project | 1 Dropbear Ssh | 2026-04-16 | N/A |
| Matt Johnston Dropbear SSH server 0.47 and earlier, as used in embedded Linux devices and on general-purpose operating systems, allows remote attackers to cause a denial of service (connection slot exhaustion) via a large number of connection attempts that exceeds the MAX_UNAUTH_CLIENTS defined value of 30. | ||||
| CVE-2006-4213 | 1 David Kent Norman | 1 Thatware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. | ||||
| CVE-2006-1207 | 1 Sergey Korostel | 1 Php Upload Center | 2026-04-16 | N/A |
| PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file. | ||||
| CVE-2005-1655 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. | ||||
| CVE-2006-1208 | 1 Sergey Korostel | 1 Php Upload Center | 2026-04-16 | N/A |
| Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory. | ||||
| CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2026-04-16 | N/A |
| Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). | ||||
| CVE-2006-1209 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2026-04-16 | N/A |
| PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file. | ||||
| CVE-2005-1657 | 1 Mercur | 1 Mercur Messaging | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml. | ||||
| CVE-2006-1210 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2005-1658 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot). | ||||
| CVE-2005-1659 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. | ||||
| CVE-2005-1660 | 1 Htmljunction | 1 Ezguestbook | 2026-04-16 | N/A |
| HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password. | ||||
| CVE-2005-1661 | 1 Jeuce | 1 Jeuce Personal Web Server | 2026-04-16 | N/A |
| Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow. | ||||
| CVE-2006-1211 | 1 Micromuse | 1 Netcool Neusecure | 2026-04-16 | N/A |
| IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. NOTE: IBM has privately confirmed to CVE that a fix is available for these issues. | ||||
| CVE-2005-1662 | 1 Jeuce | 1 Jeuce Personal Web Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||