Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2470 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in the WebLogic Server Administration Console for BEA WebLogic Server 9.0 prevents the console from setting custom JDBC security policies correctly, which could allow attackers to bypass intended policies. | ||||
| CVE-2005-3281 | 1 Nukefixes | 1 Nukefixes | 2026-04-16 | N/A |
| Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 allows remote attackers to include arbitrary files via the file parameter. | ||||
| CVE-2006-4743 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain sensitive information via a direct request for (1) 404.php, (2) akismet.php, (3) archive.php, (4) archives.php, (5) attachment.php, (6) blogger.php, (7) comments.php, (8) comments-popup.php, (9) dotclear.php, (10) footer.php, (11) functions.php, (12) header.php, (13) hello.php, (14) wp-content/themes/default/index.php, (15) links.php, (16) livejournal.php, (17) mt.php, (18) page.php, (19) rss.php, (20) searchform.php, (21) search.php, (22) sidebar.php, (23) single.php, (24) textpattern.php, (25) upgrade-functions.php, (26) upgrade-schema.php, or (27) wp-db-backup.php, which reveal the path in various error messages. NOTE: another researcher has disputed the details of this report, stating that version 2.0.5 does not exist. NOTE: the admin-footer.php, admin-functions.php, default-filters.php, edit-form-advanced.php, edit-link-form.php, edit-page-form.php, kses.php, locale.php, rss-functions.php, template-loader.php, and wp-db.php vectors are already covered by CVE-2006-0986. The edit-form-comment.php, vars.php, and wp-settings.php vectors are already covered by CVE-2005-4463. The menu-header.php vector is already covered by CVE-2005-2110. | ||||
| CVE-2006-2471 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 leak sensitive information to remote attackers, including (1) DNS and IP addresses to address to T3 clients, (2) internal sensitive information using GetIORServlet, (3) certain "server details" in exceptions when invalid XML is provided, and (4) a stack trace in a SOAP fault. | ||||
| CVE-2005-3282 | 1 Splatt | 1 Splatt Forum | 2026-04-16 | N/A |
| Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authentication via unknown vectors. | ||||
| CVE-2006-2472 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 through SP5, 7.0 through SP6, and 6.1 through SP7 allows untrusted applications to obtain private server keys. | ||||
| CVE-2006-4744 | 1 Abidia | 2 Abidia Wireless, O-anywhere | 2026-04-16 | N/A |
| Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication credentials in cleartext, which allows remote attackers to obtain sensitive information by sniffing. | ||||
| CVE-2006-2473 | 1 Openwiki | 1 Openwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites. | ||||
| CVE-2005-3284 | 1 Ahnlab | 3 Myv3, V3net, V3pro 2004 | 2026-04-16 | N/A |
| Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives. | ||||
| CVE-2005-3285 | 1 Comersus Open Technologies | 1 Comersus Backoffice Plus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_backoffice_searchItemForm.asp in Comersus BackOffice Plus allows remote attackers to inject arbitrary web script or HTML via the (1) forwardTo1, (2) forwardTo2, (3) nameFT1, or (4) nameFT2 parameters. | ||||
| CVE-2006-2474 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter. | ||||
| CVE-2005-3286 | 1 Kerio | 2 Personal Firewall, Serverfirewall | 2026-04-16 | N/A |
| The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability." | ||||
| CVE-2006-4748 | 1 F-art Agency | 1 Blog Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) xagent, (2) xpath, (3) xreferer, and (4) xdns parameters in (a) admin/plugins/NP_Log.php, and the (5) pitem parameter in (b) admin/plugins/NP_Poll.php; and allow remote authenticated users to execute arbitrary SQL commands via the (6) pageRef parameter in (c) admin/plugins/NP_Referrer.php. | ||||
| CVE-2006-2475 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) bestmail.cgi in Cosmoshop 8.11.106 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | ||||
| CVE-2005-3287 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in Mailsite Express allows remote attackers to upload and possibly execute files via attachments with executable extensions such as ASPX, which are not converted to .TXT like other dangerous extensions, and which can be directly requested from the cache directory. | ||||
| CVE-2006-2476 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-2477 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs. | ||||
| CVE-2005-3289 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, which allows local users to corrupt /etc/passwd and possibly other system files via the trace file. | ||||
| CVE-2006-2478 | 1 Bitrix | 1 Bitrix Site Manager | 2026-04-16 | N/A |
| Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term. | ||||
| CVE-2005-3290 | 1 Accelerated Enterprise Solutions | 1 Accelerated Mortgage Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in Accelerated Mortgage Manager allows remote attackers to execute arbitrary SQL commands via the password field. | ||||