Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0773 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
CVE-2005-0774 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter.
CVE-2005-0775 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator.
CVE-2005-0776 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos.
CVE-2005-0777 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.
CVE-2006-0623 1 Qnx 1 Rtos 2026-04-16 N/A
QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable permissions, which allows local users to modify the file and execute arbitrary code at system startup.
CVE-2005-0778 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.
CVE-2006-0624 1 Webeveyn 1 Whomp Real Estate Manager Xp 2005 2026-04-16 N/A
SQL injection vulnerability in check.asp in Whomp Real Estate Manager XP 2005 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2005-0779 1 Platinumftp 1 Platinumftpserver 2026-04-16 N/A
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username.
CVE-2006-0625 1 Spip 1 Spip 2026-04-16 N/A
Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and earlier allows remote attackers to read or include arbitrary files via ".." sequences in the GLOBALS[type_urls] parameter, which could then be used to execute arbitrary code via resultant direct static code injection in the file parameter to spip_acces_doc.php3.
CVE-2006-3805 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used.
CVE-2005-0780 1 Php Arena 1 Pafiledb 2026-04-16 N/A
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message.
CVE-2006-0626 1 Spip 1 Spip 2026-04-16 N/A
SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and earlier allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2005-0781 1 Php Arena 1 Pafiledb 2026-04-16 N/A
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.
CVE-2005-0782 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.
CVE-2006-0627 1 Clever Copy 1 Clever Copy 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and 3.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Referer or (2) X-Forwarded-For headers in an HTTP request, which are not properly handled when the administrator accesses Site Stats.
CVE-2005-0783 1 Phorum 1 Phorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file.
CVE-2006-0628 1 Dale Ray 1 Myquiz 2026-04-16 N/A
myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute arbitrary commands via shell metacharacters in the URL, which are not properly handled as part of the PATH_INFO environment variable.
CVE-2005-0784 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
CVE-2006-0629 1 Aol 1 Instant Messenger 2026-04-16 N/A
Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow.