Export limit exceeded: 351502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1035 | 1 Pavuk | 1 Pavuk | 2026-04-16 | N/A |
| Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. | ||||
| CVE-2005-1047 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. | ||||
| CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2026-04-16 | N/A |
| TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | ||||
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2026-04-16 | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | ||||
| CVE-2005-1067 | 1 Access User Class | 1 Access User Class | 2026-04-16 | N/A |
| Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". | ||||
| CVE-2005-1070 | 1 Invision Power Services | 1 Invision Board | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. | ||||
| CVE-2006-1229 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page. | ||||
| CVE-2005-1087 | 1 An | 1 An-httpd | 2026-04-16 | N/A |
| CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | ||||
| CVE-2006-1230 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. NOTE: the card_id vector was later reported to affect vCard 2.9, and the uploaded vector for 2.6. | ||||
| CVE-2005-1089 | 1 Dc\+\+ | 1 Dc\+\+ | 2026-04-16 | N/A |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | ||||
| CVE-2006-1231 | 1 Julian Pawlowski | 1 Capi4hylafax | 2026-04-16 | N/A |
| CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. | ||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | ||||
| CVE-2005-1096 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | ||||
| CVE-2006-1232 | 1 Dsportal | 1 Dsdownload | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | ||||
| CVE-2006-1233 | 1 Mikael Software | 1 Wmnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php. | ||||
| CVE-2005-1174 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2026-04-16 | N/A |
| MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory. | ||||
| CVE-2006-1234 | 1 Dsportal | 1 Dscounter | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | ||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | ||||
| CVE-2006-1235 | 1 David Ravenscroft | 1 Hithost | 2026-04-16 | N/A |
| Directory traversal vulnerability in admin/deleteuser.php in HitHost 1.0.0 might allow remote attackers to delete directories (possibly only empty directories) via the $deleteuser variable. NOTE: the initial disclosure for this issue indicated that the researcher was unable to prove this issue; however, this might have been due to certain behaviors of rmdir. | ||||