Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1522 1 Gnu 1 Mailutils 2026-04-16 N/A
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
CVE-2006-1151 1 M Phorum 1 M Phorum 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter.
CVE-2005-1523 1 Gnu 1 Mailutils 2026-04-16 N/A
Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands.
CVE-2006-1159 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request.
CVE-2006-4205 1 Webdynamite 1 Projectbutler 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in WebDynamite ProjectButler 0.8.4 allow remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter to /classes/ scripts including (1) Cache.class.php, (2) Customer.class.php, (3) Performance.class.php, (4) Project.class.php, (5) Representative.class.php, (6) User.class.php, or (7) common.php.
CVE-2005-1524 1 The Cacti Group 1 Cacti 2026-04-16 N/A
PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter.
CVE-2005-1525 1 The Cacti Group 1 Cacti 2026-04-16 N/A
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-1160 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to inject arbitrary web script or HTML via the Description field in creating a folder or uploading a file.
CVE-2005-1584 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.
CVE-2005-1588 1 Open Solution 1 Quick.cart 2026-04-16 N/A
SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection
CVE-2005-1589 1 Linux 1 Linux Kernel 2026-04-16 N/A
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
CVE-2005-1590 1 Altiris 2 Client Service, Deployment Solution 2026-04-16 N/A
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070.
CVE-2005-1591 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors.
CVE-2005-1592 1 Birdblog 1 Birdblog 2026-04-16 N/A
Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript.
CVE-2006-1198 1 Comvigo 1 Im Lock 2026-04-16 N/A
Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.
CVE-2006-4206 1 Aspplayground.net 1 Aspplayground.net 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter.
CVE-2005-1593 1 Codethat 1 Shoppingcart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-1199 1 Daverave 1 Link Bank 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iframe.php in daverave Link Bank allows remote attackers to inject arbitrary web script or HTML via the site parameter.
CVE-2005-1594 1 Codethat 1 Shoppingcart 2026-04-16 N/A
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1595 1 Codethat 1 Shoppingcart 2026-04-16 N/A
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.