Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4014 1 Php Web 1 Statistik 2026-04-16 N/A
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value.
CVE-2005-4015 1 Php Web 1 Statistik 2026-04-16 N/A
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php.
CVE-2005-4016 1 Widget Press 1 Widget Property 2026-04-16 N/A
SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php.
CVE-2005-4017 1 Widget Press 1 Widget Property 2026-04-16 N/A
property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.
CVE-2006-3076 1 Phpbluedragon 1 Phpbluedragon Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter.
CVE-2005-4018 1 Landshop 1 Real Estate Commerce System 2026-04-16 N/A
SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters.
CVE-2006-3077 1 Axent 1 Axentguestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter.
CVE-2006-3078 1 Apboard 1 Apboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php.
CVE-2005-4019 1 Relative Real Estate Systems 1 Relative Real Estate Systems 2026-04-16 N/A
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.
CVE-2005-4062 1 Xcent 1 Xcclassified 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2006-3115 1 Spiffyjr 1 Phpraid 2026-04-16 N/A
SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the raid_id parameter.
CVE-2006-3123 1 Matt Blaze 1 Cryptographic File System 2026-04-16 N/A
Multiple integer overflows in the (1) dodecrypt and (2) doencrypt functions in cfs_fh.c in cfsd in Matt Blaze Cryptographic File System (CFS) 1.4.1 before Debian GNU/Linux package 1.4.1-17 allow local users to cause a denial of service (daemon crash) by appending data to a file that is larger than 2 Gb.
CVE-2005-4063 1 Netauctionhelp 1 Netauctionhelp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp.
CVE-2005-4064 1 Alan Ward 1 A-faq 2026-04-16 N/A
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.
CVE-2005-4065 1 Edgewall Software 1 Trac 2026-04-16 N/A
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2006-3131 1 Clubpage 1 Clubpage 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter in (b) sites.php; and the (5) news_id parameter in (c) news_more.php.
CVE-2006-3135 1 Hotwebscripts 1 Cms Mundo 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter in the (a) news module, (2) searchstring parameter in (b) the search module, (3) id parameter in (c) the webshop module, (4) username parameter in (d) index.php, and (5) Name, (6) Address, (7) Zip, (8) City, (9) Country, and (10) Email fields during (e) a user profile update.
CVE-2005-4068 1 Ibm 1 Aix 2026-04-16 N/A
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
CVE-2006-3137 1 Cutting Edge Computing 1 Edge Ecommerce Shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter.
CVE-2005-4072 1 Cfmagic 1 Magic Forum Personal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.