Export limit exceeded: 346866 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346866 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1574 | 1 Hitachi | 4 Groupmax World Wide Web, Groupmax World Wide Web Desktop, Groupmax World Wide Web Desktop Scheduler and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | ||||
| CVE-2006-1991 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | ||||
| CVE-2006-0936 | 1 Free Host Shop | 1 Website Generator | 2026-04-16 | N/A |
| Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing %00. | ||||
| CVE-2006-0945 | 1 Archangelmgt | 1 Weblog | 2026-04-16 | N/A |
| PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | ||||
| CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2026-04-16 | N/A |
| Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | ||||
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. | ||||
| CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | ||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | ||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2026-04-16 | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | ||||
| CVE-2006-1576 | 1 Vscripts.pl | 1 Qlnews | 2026-04-16 | N/A |
| Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | ||||
| CVE-2006-0963 | 1 Stlport Project | 1 Stlport | 2026-04-16 | N/A |
| Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp. | ||||
| CVE-2006-1577 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. | ||||
| CVE-2006-0964 | 1 Ncp Network Communications | 1 Secure Client | 2026-04-16 | N/A |
| Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. | ||||
| CVE-2006-0965 | 1 Ncp Network Communications | 1 Secure Client | 2026-04-16 | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow. | ||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | ||||
| CVE-2005-2425 | 1 Ares | 1 Fileshare | 2026-04-16 | N/A |
| Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string. | ||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | ||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | ||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | ||||