Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2026-04-16 | N/A |
| The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." | ||||
| CVE-2006-4748 | 1 F-art Agency | 1 Blog Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. | ||||
| CVE-2006-2475 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | ||||
| CVE-2005-3287 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. | ||||
| CVE-2006-2476 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-2477 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | ||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. | ||||
| CVE-2006-2478 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. | ||||
| CVE-2005-3290 | 1 Accelerated Enterprise Solutions | 1 Accelerated Mortgage Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in Accelerated Mortgage Manager allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2006-4757 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the admin section in e107 0.7.5 allow remote authenticated administrative users to execute arbitrary SQL commands via the (1) linkopentype, (2) linkrender, (3) link_class, and (4) link_id parameters in (a) links.php; the (5) searchquery parameter in (b) users.php; and the (6) download_category_class parameter in (c) download.php. NOTE: an e107 developer has disputed the significance of the vulnerability, stating that "If your admins are injecting you, you might want to reconsider their access." | ||||
| CVE-2005-3291 | 1 Stani | 1 Stanis Python Editor | 2026-04-16 | N/A |
| Stani's Python Editor (SPE) 0.7.5 is installed with world-writable permissions, which allows local users to gain privileges by modifying executable files. | ||||
| CVE-2006-4764 | 1 Wtools | 1 Wtools | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. | ||||
| CVE-2005-3292 | 1 Xeobook | 1 Xeobook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>. | ||||
| CVE-2006-2479 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| The Update functionality in Bitrix Site Manager 4.1.x does not verify the authenticity of downloaded updates, which allows remote attackers to obtain sensitive information and ultimately execute arbitrary PHP code via DNS cache poisoning that redirects the user to a malicious site. | ||||
| CVE-2005-4332 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2026-04-16 | N/A |
| Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp. | ||||
| CVE-2006-3328 | 1 Starflow Software | 1 Hostflow | 2026-04-16 | N/A |
| new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal and replay authentication credentials via an IMG tag in the desc parameter ("Ticket Description" field) that points to a URL that captures referer URLs, possibly due to a cross-site scripting (XSS) vulnerability or a leak of credentials in referer URLs. | ||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | ||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2026-04-16 | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | ||||
| CVE-2005-4335 | 1 Courseforum | 1 Projectforum | 2026-04-16 | N/A |
| ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. | ||||
| CVE-2005-4336 | 1 Courseforum | 1 Projectforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group. | ||||