Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1156 3 Mozilla, Netscape, Redhat 4 Firefox, Mozilla, Navigator and 1 more 2026-04-16 N/A
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."
CVE-2006-0840 1 Mantis 1 Mantis 2026-04-16 N/A
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVE-2005-1157 3 Mozilla, Netscape, Redhat 4 Firefox, Mozilla, Navigator and 1 more 2026-04-16 N/A
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."
CVE-2006-0841 1 Mantis 1 Mantis 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. NOTE: item 17 might be subsumed by CVE-2005-4522.
CVE-2006-3981 1 Mambo 1 Mambo Gallery Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in about.mgm.php in Mambo Gallery Manager (MGM) 0.95r2 and earlier for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-1158 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.
CVE-2005-1159 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
CVE-2006-0843 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 stores the config file and other txt files under the web root with insufficient access control, which allows remote attackers to read the administrator's password.
CVE-2006-3983 1 Ekilat Llc 1 Php\(reactor\) 2026-04-16 N/A
PHP remote file inclusion vulnerability in editprofile.php in php(Reactor) 1.27pl1 allows remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter.
CVE-2005-1160 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.
CVE-2006-0844 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
CVE-2005-1161 1 Oneworldstore 1 Oneworldstore 2026-04-16 N/A
Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.
CVE-2006-0845 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Leif M. Wright's Blog 3.5 allows remote authenticated users with administrative privileges to execute arbitrary programs, including shell commands, by configuring the sendmail path to a malicious pathname.
CVE-2006-3986 1 Knusperleicht 1 Newsletter 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Knusperleicht Newsletter 3.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the NL_PATH parameter.
CVE-2005-1162 1 Oneworldstore 1 Oneworldstore 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.
CVE-2006-0846 1 Leif M. Wright 1 Web Blog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly using the ViewCommentsLog function.
CVE-2005-1163 1 Yager Development 1 Yager Game 2026-04-16 N/A
Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data.
CVE-2006-0847 1 Cherrypy 1 Cherrypy 2026-04-16 N/A
Directory traversal vulnerability in the staticfilter component in CherryPy before 2.1.1 allows remote attackers to read arbitrary files via ".." sequences in unspecified vectors.
CVE-2005-1164 1 Yager Development 1 Yager Game 2026-04-16 N/A
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.
CVE-2006-3988 1 Knusperleicht 1 Newsreporter 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in Knusperleicht newsReporter 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the news_include_path parameter.