Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2483 1 Karrigell 1 Karrigell 2026-04-16 N/A
Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.
CVE-2006-1785 1 Adobe 1 Document Server 2026-04-16 N/A
Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site" section of ads-readerext. NOTE: it is not clear whether the vendor advisory addresses this issue. In addition, since the issue requires administrative privileges to exploit, it is not clear whether this crosses security boundaries.
CVE-2005-2484 1 Denora Irc Stats 1 Denora Irc Stats 2026-04-16 N/A
Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code.
CVE-2006-1793 1 Runcms 1 Runcms 2026-04-16 N/A
Directory traversal vulnerability in runCMS 1.2 and earlier allows remote attackers to read arbitrary files via the bbPath[path] parameter to (1) class.forumposts.php and (2) forumpollrenderer.php. NOTE: this issue is closely related to CVE-2006-0659.
CVE-2006-4435 1 Openbsd 1 Openbsd 2026-04-16 N/A
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
CVE-2005-2485 1 Logicampus 1 Logicampus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-1794 1 Mambo 1 Mambo 2026-04-16 N/A
SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php).
CVE-2006-4436 1 Openbsd 1 Openbsd 2026-04-16 N/A
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.
CVE-2005-2486 1 Portailphp 1 Portailphp 2026-04-16 N/A
SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701.
CVE-2006-1801 1 Planet Concept 1 Planetsearch\+ 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in planetsearchplus.php in planetSearch+ allows remote attackers to inject arbitrary web script or HTML via the search_exp parameter.
CVE-2005-2487 1 Mcdata 4 Intrepid 6064 Director Switch, Intrepid 6140 Director Switch, Sphereon 4300 Fabric Switch and 1 more 2026-04-16 N/A
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.
CVE-2006-1803 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to inject arbitrary web script or HTML via the sql_query parameter.
CVE-2006-4437 1 Venture Nine 1 Tagger Le 2026-04-16 N/A
Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php.
CVE-2006-4438 1 Doctor Web Ltd 1 Dr.web 2026-04-16 N/A
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
CVE-2005-2488 1 Web Content Management 1 Web Content Management News System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.
CVE-2006-1804 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter.
CVE-2005-2489 1 Web Content Management 1 Web Content Management News System 2026-04-16 N/A
Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php.
CVE-2006-1805 1 Powerscripts 1 Powerclan 2026-04-16 N/A
SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.
CVE-2006-4439 1 Sun 1 Solaris 2026-04-16 N/A
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
CVE-2006-1806 1 Musicbox 1 Musicbox 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Musicbox 2.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the term parameter in a search action.