Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3466 1 Oracle 1 Peoplesoft Enterprise Customer Relationship Management 2026-04-16 N/A
Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.
CVE-2006-4908 1 Ohio State University 1 Osu Httpd 2026-04-16 N/A
OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive information via a URL containing an * (asterisk) wildcard, which displays all matching file and directory information.
CVE-2006-2647 1 Ibm 1 Aix 2026-04-16 N/A
Untrusted search path vulnerability in update_flash for IBM AIX 5.1, 5.2 and 5.3 allows local users to execute arbitrary commands via unknown vectors involving lsmcode and possibly other commands.
CVE-2006-4909 1 Cisco 1 Guard Ddos Mitigation Appliance 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS Mitigation Appliance before 5.1(6), when anti-spoofing is enabled, allows remote attackers to inject arbitrary web script or HTML via certain character sequences in a URL that are not properly handled when the appliance sends a meta-refresh.
CVE-2005-3468 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2026-04-16 N/A
Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.
CVE-2006-4910 1 Cisco 2 Ids Sensor Software, Ips Sensor Software 2026-04-16 N/A
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
CVE-2005-3469 1 News2net 1 News2net 2026-04-16 N/A
SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2005-3470 1 Mailscanner 1 Mailscanner 2026-04-16 N/A
SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.
CVE-2006-4911 1 Cisco 1 Ips Sensor Software 2026-04-16 N/A
Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 before 5.1(2), when running in inline or promiscuous mode, allows remote attackers to bypass traffic inspection via a "crafted sequence of fragmented IP packets".
CVE-2005-3471 1 Mailscanner 1 Mailscanner 2026-04-16 N/A
Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.
CVE-2006-4912 1 Php Docwriter 1 Php Docwriter 2026-04-16 N/A
PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter.
CVE-2005-3472 1 Sun 1 Java System Communications Express 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
CVE-2006-4913 1 Alstrasoft 1 E-friends 2026-04-16 N/A
Directory traversal vulnerability in chat/getStartOptions.php in AlstraSoft E-friends 4.85 allows remote attackers to include arbitrary local files and possibly execute arbitrary code via a .. (dot dot) sequence and trailing null (%00) byte in the lang parameter, as demonstrated by injecting PHP code into a log file.
CVE-2005-3473 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.
CVE-2006-2672 1 Interquest Internet Services 1 Realty Pro One 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid parameter to (d) searchlookup.php, (3) id parameter to (e) images.php, or (4) agentid parameter to (f) request_info.php. NOTE: some of these issues might be resultant from SQL injection.
CVE-2006-4914 1 A.l-pifou 1 A.l-pifou 2026-04-16 N/A
Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote attackers to read arbitrary files via ".." sequences in the ze_langue_02 cookie, as demonstrated by using the choix_lng parameter to choix_langue.php to indirectly set the cookie, then accessing livre_dor.php to trigger the inclusion from inc/change_lang_ck.php, possibly related to livre_livre.php. NOTE: the livre_livre.php relationship has been reported by some third party sources.
CVE-2005-3474 1 Sony 1 First4internet Xcp Content Management 2026-04-16 N/A
The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.
CVE-2005-3475 1 Hasbani Web Server 1 Hasbani Web Server 2026-04-16 N/A
Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests.
CVE-2006-4915 1 Innovate Portal 1 Innovate Portal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Innovate Portal 2.0 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
CVE-2006-2673 1 E-board 1 Elite-board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box.