Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3922 1 Panda 19 Panda Activescan, Panda Antivirus, Panda Antivirus Platinum and 16 more 2026-04-16 N/A
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
CVE-2006-2992 1 My Photo Scrapbook 1 My Photo Scrapbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter.
CVE-2005-3923 1 Netobjects 1 Netobjects Fusion 2026-04-16 N/A
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.
CVE-2006-3001 1 Okscripts 1 Okmall 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message.
CVE-2005-4009 1 Php Lite 1 Calendar Express 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php.
CVE-2006-3049 1 Mole Group Ticket Booking Script 1 Mole Group Ticket Booking Script 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in Mole Group Ticket Booking Script allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) address1, (3) address2, (4) county, (5) postcode, (6) email, (7) phone, or (8) mobile parameters to booking2.php.
CVE-2005-4010 1 Sensation Designs 1 Kbase Express 2026-04-16 N/A
SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.
CVE-2006-3057 1 Gnome 1 Dhcdbd 2026-04-16 N/A
Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) allows remote attackers to cause a denial of service (crash) via certain invalid DHCP responses that trigger memory corruption.
CVE-2006-2070 1 Mybb 1 Devbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action.
CVE-2006-4531 1 Bare Concept Media 1 Pheap Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter.
CVE-2005-2794 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING.
CVE-2006-2071 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bugs.
CVE-2006-4532 1 Bernard Pacques 1 Yet Another Community System Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in articles/article.php in Yet Another Community System (YACS) CMS 6.6.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter.
CVE-2005-2796 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
CVE-2006-2072 1 Delegate 1 Delegate 2026-04-16 N/A
Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and 8.x before 8.11.6 allow remote attackers to cause a denial of service via crafted DNS responses messages that cause (1) a buffer over-read or (2) infinite recursion, which can trigger a segmentation fault or invalid memory access, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2005-2797 1 Openbsd 1 Openssh 2026-04-16 N/A
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2005-2798 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
CVE-2006-2073 1 Isc 1 Bind 2026-04-16 N/A
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2006-2074 1 Juniper 1 Junose 2026-04-16 N/A
Unspecified vulnerability in Juniper Networks JUNOSe E-series routers before 7-1-1 has unknown impact and remote attack vectors related to the DNS "client code," as demonstrated by the OUSPG PROTOS DNS test suite.
CVE-2005-2799 1 Linksys 1 Wrt54g 2026-04-16 N/A
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request.