Export limit exceeded: 345239 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345239 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0945 | 1 Archangelmgt | 1 Weblog | 2026-04-16 | N/A |
| PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. | ||||
| CVE-2006-0947 | 1 Thomson | 1 Speedtouch | 2026-04-16 | N/A |
| Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem when creating the account, but cannot be deleted by the administrator, possibly due to cleansing that occurs in the administrator interface. | ||||
| CVE-2006-0958 | 1 Zoneo-soft | 1 Freeforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters. | ||||
| CVE-2006-1575 | 1 Vscripts.pl | 1 Qlnews | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. | ||||
| CVE-2006-0959 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected. | ||||
| CVE-2006-0962 | 1 Vubb | 1 Vubb | 2026-04-16 | N/A |
| SQL injection vulnerability in vuBB 0.2 allows remote attackers to execute arbitrary SQL commands via the pass parameter in a cookie. | ||||
| CVE-2006-1576 | 1 Vscripts.pl | 1 Qlnews | 2026-04-16 | N/A |
| Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | ||||
| CVE-2006-0963 | 1 Stlport Project | 1 Stlport | 2026-04-16 | N/A |
| Multiple buffer overflows in STLport 5.0.2 might allow local users to execute arbitrary code via (1) long locale environment variables to a strcpy function call in c_locale_glibc2.c and (2) long arguments to unspecified functions in num_put_float.cpp. | ||||
| CVE-2006-1577 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. | ||||
| CVE-2006-0964 | 1 Ncp Network Communications | 1 Secure Client | 2026-04-16 | N/A |
| Client Firewall in NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass firewall program execution rules by replacing an allowed program with an arbitrary program. | ||||
| CVE-2006-0965 | 1 Ncp Network Communications | 1 Secure Client | 2026-04-16 | N/A |
| NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow. | ||||
| CVE-2006-1579 | 1 Dbbs | 1 Dbbs | 2026-04-16 | N/A |
| SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. | ||||
| CVE-2005-2233 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including (2) pdisable, (3) pstart, (4) phold, (5) pdelay, or (6) pshare. | ||||
| CVE-2006-1478 | 1 Turnkey Web Tools | 1 Php Live Helper | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | ||||
| CVE-2005-2234 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2006-1479 | 1 Serge Rey | 1 Gtd-php | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php. | ||||
| CVE-2006-1764 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2005-2235 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2005-2236 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. | ||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | ||||