Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1201 1 Eschew.net 1 Phpbannerexchange 2026-04-16 N/A
Directory traversal vulnerability in resetpw.php in eschew.net phpBannerExchange 2.0 and earlier, and other versions before 2.0 Update 5, allows remote attackers to read arbitrary files via a .. (dot dot) in the email parameter during a "Recover password" operation (recoverpw.php).
CVE-2005-1598 1 Invision Power Services 2 Invision Board, Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable.
CVE-2006-1202 1 Jcink.com 1 Textfilebb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.php, possibly requiring a URL encoded value.
CVE-2005-1599 1 Kryloff Technologies 1 Subject Search Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field.
CVE-2005-1600 1 Libtomcrypt 1 Libtomcrypt 2026-04-16 N/A
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key.
CVE-2005-1601 1 Mro Software 1 Maximo Self Service 2026-04-16 N/A
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties.
CVE-2005-1602 1 Net56 1 File Manager 2026-04-16 N/A
SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
CVE-2005-1603 1 Niteenterprises 1 Remote File Manager 2026-04-16 N/A
NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080.
CVE-2005-1604 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code.
CVE-2005-1610 1 Tru-zone 1 Nukeet 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
CVE-2006-3510 1 Microsoft 1 Ie 2026-04-16 N/A
The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
CVE-2006-0004 1 Microsoft 1 Office 2026-04-16 N/A
Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
CVE-2006-3511 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the fonts property of the HtmlDlgSafeHelper object, which triggers a null dereference.
CVE-2006-0013 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
CVE-2006-3512 1 Microsoft 2 Internet Explorer, Windows Xp 2026-04-16 N/A
Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) by setting the Enabled property of a DXTFilter ActiveX object to true, which triggers a null dereference.
CVE-2006-0015 1 Microsoft 2 Frontpage Server Extensions, Sharepoint Team Services 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
CVE-2006-3513 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
danim.dll in Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (application crash) by accessing the Data property of a DirectAnimation DAUserData object before it is initialized, which triggers a NULL pointer dereference.
CVE-2006-3514 1 Phpblogger 1 Php-blogger 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.
CVE-2006-3515 1 Myiosoft.com 1 Ajaxportal 2026-04-16 N/A
SQL injection vulnerability in the loginADP function in ajaxp.php in AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
CVE-2006-3516 1 Freehost 1 Freehost 2026-04-16 N/A
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.