Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4920 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Site@School (S@S) 2.4.02 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to (1) starnet/modules/sn_allbum/slideshow.php, and (2) starnet/themes/editable/main.inc.php. | ||||
| CVE-2006-4921 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cmsdir parameter to starnet/modules/include/include.php. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2005-3487 | 1 Scorched 3d | 1 Scorched 3d | 2026-04-16 | N/A |
| Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors. | ||||
| CVE-2006-4922 | 1 Siteatschool | 1 Siteatschool | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in starnet/editors/htmlarea/popups/images.php in Site@School (S@S) 2.4.02 and earlier allows remote attackers to upload and execute arbitrary files with executable extensions. | ||||
| CVE-2006-4923 | 1 Esyndicat Portal System | 1 Esyndicat Portal System | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter. | ||||
| CVE-2005-3504 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. | ||||
| CVE-2006-2680 | 1 Php4script | 1 Az Photo Album Script Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. | ||||
| CVE-2005-3512 | 1 Vubb | 1 Vubb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action. | ||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | ||||
| CVE-2005-3514 | 1 Chipmunk Scripts | 1 Chipmunk Forum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php. | ||||
| CVE-2006-2683 | 1 Open-medium | 1 Open-medium Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. | ||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2026-04-16 | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | ||||
| CVE-2006-2684 | 1 Hotwebscripts | 1 Cms Mundo | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. | ||||
| CVE-2005-3520 | 1 Mysource | 1 Mysource | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. | ||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | ||||
| CVE-2005-3522 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. | ||||
| CVE-2006-4937 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| lib/setup.php in Moodle before 1.6.2 sets the error reporting level to 7 to display E_WARNING messages to users even if debugging is disabled, which might allow remote authenticated users to obtain sensitive information by triggering the messages. | ||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2026-04-16 | N/A |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. | ||||
| CVE-2006-4938 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| help.php in Moodle before 1.6.2 does not check the existence of certain help files before including them, which might allow remote authenticated users to obtain the path in an error message. | ||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2026-04-16 | N/A |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | ||||