Export limit exceeded: 364152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | ||||
| CVE-2005-2104 | 1 Redhat | 2 Enterprise Linux, Sysreport | 2026-04-16 | N/A |
| sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. | ||||
| CVE-2006-1480 | 1 Duda | 1 Webalbum | 2026-04-16 | N/A |
| Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter. | ||||
| CVE-2005-2105 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | ||||
| CVE-2006-1485 | 1 Greymatter | 1 Greymatter | 2026-04-16 | N/A |
| gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2026-04-16 | N/A |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2005-2106 | 1 Drupal | 1 Drupal | 2026-04-16 | N/A |
| Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | ||||
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | ||||
| CVE-2005-2107 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. | ||||
| CVE-2006-1493 | 1 Nikolay Avrionov | 1 Explorer Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492. | ||||
| CVE-2006-4291 | 1 Phlymail | 1 Phlymail Lite | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | ||||
| CVE-2005-2108 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | ||||
| CVE-2006-4292 | 1 Niels Provos | 1 Honeyd | 2026-04-16 | N/A |
| Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. | ||||
| CVE-2005-2109 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | ||||
| CVE-2006-1502 | 1 Mplayer | 1 Mplayer | 2026-04-16 | N/A |
| Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. | ||||
| CVE-2006-4293 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. | ||||
| CVE-2005-2110 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1. | ||||
| CVE-2006-1506 | 1 Sun | 2 Grid Engine, N1 Grid Engine | 2026-04-16 | N/A |
| Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges. | ||||
| CVE-2006-4294 | 1 Twiki | 1 Twiki | 2026-04-16 | N/A |
| Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. | ||||
| CVE-2005-2114 | 2 Mozilla, Redhat | 4 Camino, Firefox, Mozilla and 1 more | 2026-04-16 | N/A |
| Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | ||||