Export limit exceeded: 364840 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0075 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-16 | N/A |
| prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers. | ||||
| CVE-2005-0076 | 1 Debian | 1 Debian Linux | 2026-04-16 | N/A |
| Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. | ||||
| CVE-2005-0077 | 4 Debian, Gentoo, Redhat and 1 more | 5 Debian Linux, Linux, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. | ||||
| CVE-2005-0078 | 3 Debian, Kde, Redhat | 5 Debian Linux, Kde, Enterprise Linux and 2 more | 2026-04-16 | N/A |
| The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. | ||||
| CVE-2005-0220 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
| CVE-2006-3661 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-0221 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. | ||||
| CVE-2006-0370 | 1 Noah Medling | 1 Rcblog | 2026-04-16 | N/A |
| Noah Medling RCBlog 1.03 stores the data and config directories under the web root with insufficient access control, which allows remote attackers to view account names and MD5 password hashes. | ||||
| CVE-2005-0222 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. | ||||
| CVE-2006-0371 | 1 Noah Medling | 1 Rcblog | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Noah Medling RCBlog 1.03 allows remote attackers to read arbitrary .txt files, possibly including one that stores the administrator's account name and password, via a .. (dot dot) in the post parameter. | ||||
| CVE-2006-3662 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ATutor 1.5.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter. NOTE: this issue has been disputed by the vendor, who states "The mentioned SQL injection vulnerability is not possible." However, the relevant source code suggests that this issue may be legitimate, and the parameter is cleansed in 1.5.3.1 | ||||
| CVE-2005-0225 | 1 Firehol | 1 Firehol | 2026-04-16 | N/A |
| firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2006-0372 | 1 Insane Visions | 1 Blogphp | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. | ||||
| CVE-2006-3663 | 1 Finjan | 1 Vital Security | 2026-04-16 | N/A |
| Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in plaintext in a backup file, which allows local users to gain privileges. NOTE: the vendor has notified CVE that this issue was fixed in 8.3.6. | ||||
| CVE-2005-0226 | 1 Ngircd | 1 Ngircd | 2026-04-16 | N/A |
| Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. | ||||
| CVE-2006-0373 | 1 Douran | 1 Followweb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-3664 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. | ||||
| CVE-2006-3665 | 1 Squirrelmail | 1 Squirrelmail | 2026-04-16 | N/A |
| SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows remote attackers to hijack cookies in src/redirect.php via unknown vectors. NOTE: while "cookie theft" is frequently associated with XSS, the vendor disclosure is too vague to be certain of this. | ||||
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2026-04-16 | N/A |
| CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | ||||
| CVE-2006-0377 | 2 Redhat, Squirrelmail | 2 Enterprise Linux, Squirrelmail | 2026-04-16 | N/A |
| CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." | ||||