Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0520 1 Dragoran 1 Portal Module 2026-04-16 N/A
SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0605 8 Altlinux, Lesstif, Mandrakesoft and 5 more 12 Alt Linux, Lesstif, Mandrake Linux and 9 more 2026-04-16 N/A
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2006-0521 1 Browsercrm 1 Browsercrm 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM allows remote attackers to inject arbitrary web script or HTML via certain manipulations of the query parameter, as demonstrated using an IMG SRC tag.
CVE-2006-3739 3 Redhat, X.org, Xfree86 Project 3 Enterprise Linux, X.org, Xfree86 X 2026-04-16 N/A
Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics (AFM) files with a modified number of character metrics (StartCharMetrics), which leads to a heap-based buffer overflow.
CVE-2005-0606 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
CVE-2005-0692 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
CVE-2005-0694 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
CVE-2005-0700 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
CVE-2005-0702 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote attackers to add FAQ records to the database via the username field in forum messages.
CVE-2005-0704 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVE-2005-0706 2 Grip, Redhat 2 Grip, Enterprise Linux 2026-04-16 N/A
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
CVE-2006-0587 1 Gallery Project 1 Gallery 2026-04-16 N/A
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users with trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file.
CVE-2005-0695 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
CVE-2005-0707 1 Ipswitch 1 Ipswitch Collaboration Suite 2026-04-16 N/A
Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.
CVE-2006-0588 1 Jaia Interactive 1 Mytopix 2026-04-16 N/A
SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters.
CVE-2005-0696 1 Argosoft 1 Ftp Server 2026-04-16 N/A
Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5.
CVE-2005-0708 2 Dragonflybsd, Freebsd 2 Dragonflybsd, Freebsd 2026-04-16 N/A
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
CVE-2005-0697 1 Brt 1 Copperexport 2026-04-16 N/A
SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters.
CVE-2005-0698 1 Jason Hines 1 Phpweblog 2026-04-16 N/A
PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) G_PATH parameter to init.inc.php or the (2) PATH parameter to index.php to reference a URL on a remote web server that contains the code.
CVE-2006-3798 1 Deluxebb 1 Deluxebb 2026-04-16 N/A
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) _GET, (2) _POST, (3) _ENV, and (4) _SERVER variables via the _COOKIE (aka COOKIE) variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the global namespace."