Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2836 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. | ||||
| CVE-2006-2247 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2006-2248 | 1 Northern Solutions | 1 Xeneo Web Server | 2026-04-16 | N/A |
| Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension. | ||||
| CVE-2005-2947 | 1 Killprocess | 1 Killprocess | 2026-04-16 | N/A |
| Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. | ||||
| CVE-2006-4622 | 1 Comscripts | 1 Annoncev | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. | ||||
| CVE-2006-4623 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. | ||||
| CVE-2005-2948 | 1 Killprocess | 1 Killprocess | 2026-04-16 | N/A |
| KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess. | ||||
| CVE-2006-2249 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters. | ||||
| CVE-2005-2949 | 1 Mark D. Roth | 1 Pam Per User | 2026-04-16 | N/A |
| pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login. | ||||
| CVE-2006-2250 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message. | ||||
| CVE-2005-2950 | 1 Sawmill | 1 Sawmill | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. | ||||
| CVE-2006-2251 | 1 Invision Power Services | 1 Invision Community Blog | 2026-04-16 | N/A |
| SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter. | ||||
| CVE-2006-4625 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults. | ||||
| CVE-2005-2951 | 1 Azerbaijan Development Group | 1 Azdgdating | 2026-04-16 | N/A |
| Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement. | ||||
| CVE-2006-2252 | 1 Openfaq | 1 Openfaq | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-2952 | 1 Subscribe Me Pro | 1 Subscribe Me Pro | 2026-04-16 | N/A |
| Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | ||||
| CVE-2006-2253 | 1 Otterware | 1 Statit | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter. | ||||
| CVE-2006-4626 | 1 Alwil | 1 Avast Antivirus | 2026-04-16 | N/A |
| Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers the overflow. | ||||
| CVE-2005-2953 | 1 Miva | 1 Miva Merchant | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter. | ||||
| CVE-2006-2255 | 1 Creative Software | 1 Community Portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php. | ||||