Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | ||||
| CVE-2006-0624 | 1 Webeveyn | 1 Whomp Real Estate Manager Xp 2005 | 2026-04-16 | N/A |
| SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | ||||
| CVE-2005-0779 | 1 Platinumftp | 1 Platinumftpserver | 2026-04-16 | N/A |
| PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username. | ||||
| CVE-2006-0625 | 1 Spip | 1 Spip | 2026-04-16 | N/A |
| Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3. | ||||
| CVE-2006-3805 | 2 Mozilla, Redhat | 4 Firefox, Seamonkey, Thunderbird and 1 more | 2026-04-16 | N/A |
| The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. | ||||
| CVE-2005-0780 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message. | ||||
| CVE-2006-0626 | 1 Spip | 1 Spip | 2026-04-16 | N/A |
| SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter. | ||||
| CVE-2005-0812 | 1 Notify Technology | 1 Notifylink | 2026-04-16 | N/A |
| The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information. | ||||
| CVE-2006-0653 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | ||||
| CVE-2005-0813 | 1 Initial Redirect | 1 Initial Redirect Squid Proxy Plug-in | 2026-04-16 | N/A |
| Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors. | ||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2026-04-16 | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2006-0654 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | ||||
| CVE-2005-0815 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | ||||
| CVE-2006-0655 | 1 Hinton Design | 1 Phpht Topsites | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2005-0816 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. | ||||
| CVE-2006-0656 | 1 Hp | 1 Systems Insight Manager | 2026-04-16 | N/A |
| Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | ||||
| CVE-2005-0817 | 1 Symantec | 4 Enterprise Firewall, Gateway Security 5300, Gateway Security 5400 and 1 more | 2026-04-16 | N/A |
| Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | ||||
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2026-04-16 | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | ||||
| CVE-2005-0822 | 1 Citrix | 1 Metaframe Password Manager | 2026-04-16 | N/A |
| Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy. | ||||
| CVE-2006-3816 | 1 Krusader | 1 Krusader | 2026-04-16 | N/A |
| Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. | ||||