Export limit exceeded: 364152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4165 1 Netcommons 1 Netcommons 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2005-1424 1 Stumbleinside 1 Gotext 2026-04-16 N/A
StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.
CVE-2006-1075 1 Jason Boettcher 1 Liero Xtreme 2026-04-16 N/A
Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file.
CVE-2006-4166 1 Tinywebgallery 1 Tinywebgallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2.
CVE-2005-1427 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb.
CVE-2006-1076 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-1428 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
CVE-2006-1077 1 Evo-dev 1 Evoblog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
CVE-2005-1429 1 Abczone.it 1 Wwwguestbook 2026-04-16 N/A
SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2006-1078 1 Acme Labs 1 Thttpd 2026-04-16 8.4 High
Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.
CVE-2006-4172 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
CVE-2005-1430 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.
CVE-2005-1431 2 Gnu, Redhat 2 Gnutls, Enterprise Linux 2026-04-16 N/A
The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.
CVE-2006-1087 1 Php-stats 1 Php-stats 2026-04-16 N/A
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability.
CVE-2005-1433 1 Hp 1 Openview Event Correlation Services 2026-04-16 N/A
Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.
CVE-2005-1435 1 Open Webmail 1 Open Webmail 2026-04-16 N/A
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
CVE-2006-1103 1 Sauerbraten 2 Cube, Sauerbraten 2026-04-16 N/A
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference.
CVE-2006-4178 1 Freebsd 1 Freebsd 2026-04-16 N/A
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
CVE-2005-1436 1 Osticket 1 Osticket 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
CVE-2006-1111 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection.