Export limit exceeded: 347865 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2062 | 1 Active Web Softwares | 1 Activebuyandsell | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to execute arbitrary SQL commands via the catid parameter to (1) default.asp or (2) buyersend.asp, (3) Administrator ID field in admin.asp, E-mail field in (4) advertiserstart.asp or (5) buyer.asp, or Keyword field in search.asp. | ||||
| CVE-2005-2079 | 1 Symantec Veritas | 1 Backup Exec | 2026-04-16 | N/A |
| Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-2080 | 1 Symantec Veritas | 1 Backup Exec | 2026-04-16 | N/A |
| Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. | ||||
| CVE-2005-2081 | 1 Digium | 1 Asterisk | 2026-04-16 | N/A |
| Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. | ||||
| CVE-2006-1426 | 1 Pixel Motion | 1 Pixel Motion Blog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the (1) date parameter in index.php or bypass authentication via the (2) password parameter in admin/index.php. | ||||
| CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2026-04-16 | N/A |
| im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | ||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | ||||
| CVE-2006-1428 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. | ||||
| CVE-2006-1429 | 1 Fusionzone | 1 Classifiedzone | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter. | ||||
| CVE-2006-1430 | 1 Controlzx | 1 Hms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php. | ||||
| CVE-2006-1748 | 1 Xmb Software | 1 Xmb Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. | ||||
| CVE-2005-2090 | 2 Apache, Redhat | 7 Tomcat, Certificate System, Enterprise Linux and 4 more | 2026-04-16 | N/A |
| Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Tomcat to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2026-04-16 | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | ||||
| CVE-2006-1908 | 1 Mywebland | 1 Myevent | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1969 | 1 Kcscripts | 1 Portal Pack | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search/search.cgi in an unspecified KCScripts script, probably Search Engine or Site Search, distributed individually and as part of Portal Pack 6.0 and earlier, allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-2105 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | ||||
| CVE-2006-1433 | 1 Annuaire | 1 Directory | 2026-04-16 | N/A |
| Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. | ||||
| CVE-2006-1909 | 1 Coppermine | 1 Coppermine Photo Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences. | ||||
| CVE-2006-1974 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) before 1.04 allows remote attackers to execute arbitrary SQL commands via the referrer parameter. | ||||