Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1692 1 Manic Web 1 Mwnewsletter 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis.
CVE-2006-4376 1 Guder Und Koch Netzwerktechnik 1 Eichhorn Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module.
CVE-2006-1697 1 Matt Wright 1 Matt Wright Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message.
CVE-2006-4378 1 Joomla 1 Rssxt Component 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in the Rssxt component for Joomla! (com_rssxt), possibly 2.0 Beta 1 or 1.0 and earlier, allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter in (1) pinger.php, (2) RPC.php, or (3) rssxt.php. NOTE: another researcher has disputed this issue, saying that the attacker can not control this parameter. In addition, as of 20060825, the original researcher has appeared to be unreliable with some other past reports. CVE has not performed any followup analysis with respect to this issue
CVE-2005-2377 1 Mandrakesoft 2 Mandrake Linux, Mandrake Linux Corporate Server 2026-04-16 N/A
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
CVE-2006-1700 1 Aweb 1 Scripts Seller 2026-04-16 N/A
Buy.php in Aweb Scripts Seller uses predictable cookies for authentication based on the time and the script number, which allows remote attackers to bypass authentication.
CVE-2006-4384 1 Apple 1 Quicktime 2026-04-16 N/A
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via the COLOR_64 chunk in a FLIC (FLC) movie.
CVE-2005-2384 1 Alwil 1 Avast Antivirus 2026-04-16 N/A
Directory traversal vulnerability in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to write arbitrary files via an ACE archive containing filenames with (1) .. or (2) absolute pathnames.
CVE-2006-1701 1 Shadowed Portal 1 Shadowed Portal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Pages module in Shadowed Portal allows remote attackers to inject arbitrary web script or HTML via the page parameter to load.php.
CVE-2006-4385 1 Apple 1 Quicktime 2026-04-16 N/A
Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted SGI image.
CVE-2005-2392 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
CVE-2006-1702 1 Spip 1 Spip 2026-04-16 N/A
PHP remote file inclusion vulnerability in spip_login.php3 in SPIP 1.8.3 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter.
CVE-2005-2398 1 Php Surveyor 1 Php Surveyor 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.
CVE-2006-1703 1 Hubert Plisson 1 Sire 2026-04-16 N/A
PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter.
CVE-2006-4388 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix file.
CVE-2006-4389 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted FlashPix (FPX) file, which triggers an exception that leads to an operation on an uninitialized object.
CVE-2005-2401 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
CVE-2006-1704 1 Hubert Plisson 1 Sire 2026-04-16 N/A
Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php.
CVE-2006-1705 1 Oracle 2 Oracle10g, Oracle9i 2026-04-16 N/A
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view.
CVE-2005-2410 1 Gnome 1 Networkmanager 2026-04-16 N/A
Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.