Export limit exceeded: 364152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4165 | 1 Netcommons | 1 Netcommons | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2005-1424 | 1 Stumbleinside | 1 Gotext | 2026-04-16 | N/A |
| StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information. | ||||
| CVE-2006-1075 | 1 Jason Boettcher | 1 Liero Xtreme | 2026-04-16 | N/A |
| Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file. | ||||
| CVE-2006-4166 | 1 Tinywebgallery | 1 Tinywebgallery | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2) image.php2. | ||||
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | ||||
| CVE-2006-1076 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter. | ||||
| CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2026-04-16 | N/A |
| edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | ||||
| CVE-2006-1077 | 1 Evo-dev | 1 Evoblog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters. | ||||
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2006-1078 | 1 Acme Labs | 1 Thttpd | 2026-04-16 | 8.4 High |
| Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included. | ||||
| CVE-2006-4172 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178. | ||||
| CVE-2005-1430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users. | ||||
| CVE-2005-1431 | 2 Gnu, Redhat | 2 Gnutls, Enterprise Linux | 2026-04-16 | N/A |
| The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | ||||
| CVE-2006-1087 | 1 Php-stats | 1 Php-stats | 2026-04-16 | N/A |
| Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. NOTE: this vulnerability can be exploited by remote unauthenticated attackers in conjunction with the option[admin_pass] authentication bypass vulnerability. | ||||
| CVE-2005-1433 | 1 Hp | 1 Openview Event Correlation Services | 2026-04-16 | N/A |
| Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | ||||
| CVE-2005-1435 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | ||||
| CVE-2006-1103 | 1 Sauerbraten | 2 Cube, Sauerbraten | 2026-04-16 | N/A |
| engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | ||||
| CVE-2006-4178 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172. | ||||
| CVE-2005-1436 | 1 Osticket | 1 Osticket | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket. | ||||
| CVE-2006-1111 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-16 | N/A |
| Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a "*/*" in the msg parameter to index.php, which reveals usernames and passwords in a MySQL error message, possibly due to a forced SQL error or SQL injection. | ||||