Export limit exceeded: 348781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2026-04-16 | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | ||||
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2026-04-16 | N/A |
| Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | ||||
| CVE-2005-1893 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | ||||
| CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. | ||||
| CVE-2005-1896 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | ||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2026-04-16 | N/A |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. | ||||
| CVE-2006-1399 | 1 Php Lite | 1 Meeting Reserve | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in searchresult.php in Meeting Reserve 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1401 | 1 Php Lite | 1 Calendar Express | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1402 | 1 Csdoom | 1 Csdoom | 2026-04-16 | N/A |
| Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function. | ||||
| CVE-2005-1936 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2026-04-16 | N/A |
| Unknown vulnerability in the web server for the ESS/ Network Controller for Xerox Document Centre 240 through 555 running System Software 27.18.017 and earlier allows attackers to "gain unauthorized access." | ||||
| CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | ||||
| CVE-2005-1946 | 1 Invision Power Services | 1 Invision Community Blog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | ||||
| CVE-2005-1961 | 1 Objectweb | 1 Consortium C-jdbc | 2026-04-16 | N/A |
| Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user. | ||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | ||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | ||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | ||||
| CVE-2006-1406 | 1 Uniforum | 1 Uniforum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx in uniForum 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtuser or (2) txtpassword parameters. | ||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | ||||
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. | ||||
| CVE-2006-1410 | 1 Xigla | 1 Absolute Live Support Xe | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute Live Support XE 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Screen name or (2) Session Topic field. | ||||