Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2110 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
CVE-2006-1506 1 Sun 2 Grid Engine, N1 Grid Engine 2026-04-16 N/A
Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine 5.3 before 20060327 and N1 Grid Engine 6.0 before 20060327 allows local users to gain root privileges.
CVE-2006-4294 1 Twiki 1 Twiki 2026-04-16 N/A
Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2005-2114 2 Mozilla, Redhat 4 Camino, Firefox, Mozilla and 1 more 2026-04-16 N/A
Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function.
CVE-2006-1510 1 Microsoft 1 .net Framework 2026-04-16 N/A
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
CVE-2006-4295 1 Panda 1 Panda Activescan 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2005-2118 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
CVE-2006-1517 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message.
CVE-2006-4296 1 Mambo 1 Bigape-backup Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in classes/Tar.php in bigAPE-Backup component (com_babackup) for Mambo 1.1 allows remote attackers to include arbitrary files via the mosConfig_absolute_path parameter.
CVE-2006-4297 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
SQL injection vulnerability in shopping_cart.php in osCommerce before 2.2 Milestone 2 060817 allows remote attackers to execute arbitrary SQL commands via id array parameters.
CVE-2005-2143 1 Microsoft 1 Frontpage 2026-04-16 N/A
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
CVE-2005-2148 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
CVE-2006-1523 1 Linux 1 Linux Kernel 2026-04-16 N/A
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.
CVE-2006-4298 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
Multiple directory traversal vulnerabilities in cache.php in osCommerce before 2.2 Milestone 2 060817 allow remote attackers to determine existence of arbitrary files and disclose the installation path via a .. (dot dot) in unspecified parameters in the (1) tep_cache_also_purchased, (2) tep_cache_manufacturers_box, and (3) tep_cache_categories_box functions.
CVE-2005-2162 1 Levcgi.com 1 Myguestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
CVE-2005-2163 1 Autoindex 1 Php Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2006-1649 1 Eset Software 1 Nod32 Antivirus 2026-04-16 N/A
The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions.
CVE-2006-4361 1 Dieselscripts 1 Diesel Job Site 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in jobseekers/forgot.php in Diesel Job Site allow remote attackers to inject arbitrary web script or HTML via the (1) uname or (2) SEmail parameters.
CVE-2005-2314 1 Phpsftpd 1 Phpsftpd 2026-04-16 N/A
inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response.
CVE-2005-2329 1 Mrv Communications 3 In Reach Lx 1000s, In Reach Lx 4000s, In Reach Lx 8000s 2026-04-16 N/A
MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users.