Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2313 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
CVE-2005-1119 1 Todd Miller 1 Sudo 2026-04-16 N/A
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
CVE-2005-3660 1 Linux 1 Linux Kernel 2026-04-16 N/A
Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference.
CVE-2006-0733 1 Wordpress 1 Wordpress 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability
CVE-2006-2229 1 Openvpn 2 Openvpn, Openvpn Access Server 2026-04-16 N/A
OpenVPN 2.0.7 and earlier, when configured to use the --management option with an IP that is not 127.0.0.1, uses a cleartext password for TCP sessions to the management interface, which might allow remote attackers to view sensitive information or cause a denial of service.
CVE-2006-0219 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
CVE-2006-0220 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
CVE-2006-2877 1 Sangwan Kim 1 Bookmark4u 2026-04-16 N/A
PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and earlier allows remote attackers to include arbitrary PHP files via the include_prefix parameter in (1) inc/dbase.php, (2) inc/config.php, (3) inc/common.php, and (4) inc/function.php. NOTE: it has been reported that the inc directory is protected by a .htaccess file, so this issue only applies in certain environments or configurations.
CVE-2006-2878 1 Andreas Gohr 1 Dokuwiki 2026-04-16 N/A
The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.
CVE-2006-2879 1 Alex 1 News-engine 2026-04-16 N/A
SQL injection vulnerability in newscomments.php in Alex News-Engine 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2006-2880 1 Pyblosxom 1 Pyblosxom 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Contributed Packages for PyBlosxom 1.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the Comments plugin in the (1) url and (2) author fields.
CVE-2006-2881 1 Dreamcost 1 Dreamaccount 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the da_path parameter in the (1) auth.cookie.inc.php, (2) auth.header.inc.php, or (3) auth.sessions.inc.php scripts.
CVE-2006-2895 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to versions before 1.6.7 allows remote attackers to inject arbitrary HTML and web script via the edit form.
CVE-2006-2896 1 Funkboard 1 Funkboard 2026-04-16 N/A
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
CVE-2006-2897 1 Funkboard 1 Funkboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows remote attackers to inject arbitrary HTML or web script via unspecified vectors.
CVE-2006-2899 1 Estsoft 1 Internetdisk 2026-04-16 N/A
Unspecified vulnerability in ESTsoft InternetDISK versions before 2006/04/20 allows remote authenticated users to execute arbitrary code, possibly by uploading a file with multiple extensions into the WebLink directory.
CVE-2006-2901 1 D-link 1 Dwl-2100ap 2026-04-16 N/A
The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware 2.10na and earlier allows remote attackers to obtain sensitive system information via a request to an arbitrary .cfg file, which returns configuration information including passwords.
CVE-2006-4002 1 Drupal 1 Drupal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 before 4.6.9, and 4.7 before 4.7.3, allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: portions of these details are obtained from third party information.
CVE-2006-4895 1 Idevspot 1 Nixieaffiliate 2026-04-16 N/A
IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to delete arbitrary affiliates via a modified id parameter to delete.php.
CVE-2006-4897 1 Cmtexts 1 Cmtexts 2026-04-16 N/A
CMtextS 1.0 and earlier stores users_logins/admin.txt under the web document root with insufficient access control, which allows remote attackers to obtain the administrator password.