Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2414 | 1 Xpcom | 1 Xpcom | 2026-04-16 | N/A |
| Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted. | ||||
| CVE-2006-1706 | 1 Kansok Communications | 1 Shopweezle | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4) album parameters to (c) index.php. NOTE: this issue also produces resultant full path disclosure from invalid SQL queries. | ||||
| CVE-2005-2419 | 1 Eci Telecom | 1 B-focus Router | 2026-04-16 | N/A |
| B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. | ||||
| CVE-2006-1707 | 1 Kansok Communications | 1 Shopweezle | 2026-04-16 | N/A |
| index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. | ||||
| CVE-2006-1708 | 1 Clansys | 1 Clansys | 2026-04-16 | N/A |
| SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. | ||||
| CVE-2005-2421 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter. | ||||
| CVE-2005-2423 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message. | ||||
| CVE-2006-1715 | 1 Tugzip | 1 Tugzip | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1) .gz, (2) .jar, (3) .rar, or (4) .zip file. | ||||
| CVE-2005-2426 | 1 Ftpshell | 1 Ftpshell Server | 2026-04-16 | N/A |
| FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. | ||||
| CVE-2006-1723 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-16 | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||||
| CVE-2005-2427 | 1 Elemental Software | 1 Cartwiz | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2005-2428 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | ||||
| CVE-2005-2429 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. | ||||
| CVE-2006-1736 | 1 Mozilla | 4 Firefox, Mozilla Suite, Seamonkey and 1 more | 2026-04-16 | N/A |
| Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes the executable to be saved when the user clicks the "Save image as..." option. NOTE: this attack is made easier due to a GUI truncation issue that prevents the user from seeing the malicious extension when there is extra whitespace in the filename. | ||||
| CVE-2005-2430 | 1 Gforge | 1 Gforge | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form. | ||||
| CVE-2006-1744 | 1 Joey Hess | 1 Bsdgames | 2026-04-16 | N/A |
| Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | ||||
| CVE-2005-2431 | 1 Gforge | 1 Gforge | 2026-04-16 | N/A |
| The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | ||||
| CVE-2006-1745 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-2432 | 1 Tincan | 1 Phplist | 2026-04-16 | N/A |
| SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. | ||||
| CVE-2005-2433 | 1 Tincan | 1 Phplist | 2026-04-16 | N/A |
| PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message. | ||||