Export limit exceeded: 20007 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362531 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1963 | 1 Pcpin | 1 Pcpin Chat | 2026-04-16 | N/A |
| Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code. | ||||
| CVE-2004-1227 | 1 Sugarcrm | 1 Sugar Sales | 2026-04-16 | N/A |
| Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts. | ||||
| CVE-2006-1964 | 1 Aspsitem | 1 Aspsitem | 2026-04-16 | N/A |
| SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2006-1965 | 1 Aasi Media | 1 Net Clubs Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net Clubs Pro 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) onuser, (2) pass, (3) chatsys, (4) room, (5) username, and (6) to parameters in (a) sendim.cgi; the (7) username parameter in (b) imessage.cgi; the (8) password parameter in (c) login.cgi; and the (9) cat_id parameter in (d) viewcat.cgi. | ||||
| CVE-2004-1235 | 7 Avaya, Conectiva, Linux and 4 more | 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more | 2026-04-16 | N/A |
| Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | ||||
| CVE-2004-1254 | 1 Rarlab | 1 Winrar | 2026-04-16 | N/A |
| WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. | ||||
| CVE-2005-4825 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2026-04-16 | N/A |
| Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332. | ||||
| CVE-2005-4821 | 1 Neocrome | 1 Land Down Under | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attackers to execute arbitrary SQL commands via parameters including (1) the m parameter in auth.php, (2) the f parameter in events.php, or (3) the e parameter in plug.php. | ||||
| CVE-2006-1269 | 1 Rahul Dhesi | 1 Zoo | 2026-04-16 | N/A |
| Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive. | ||||
| CVE-2006-1270 | 1 Inprotect | 1 Inprotect | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-1271 | 1 Oxynews | 1 Oxynews | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. | ||||
| CVE-2005-4591 | 1 Bogofilter | 1 Email Filter | 2026-04-16 | N/A |
| Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets. | ||||
| CVE-2006-1272 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field. | ||||
| CVE-2005-4592 | 1 Bogofilter | 1 Email Filter | 2026-04-16 | N/A |
| Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex. | ||||
| CVE-2006-1273 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and onmouseover, which triggers the crash when the user views the page source. NOTE: Red Hat has disputed this issue, suggesting that "It is likely the reporter was running the IE Tab extension," and Mozilla also confirmed that this is not an issue in Firefox itself | ||||
| CVE-2005-4596 | 1 Ades Design | 1 Adesguestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter. | ||||
| CVE-2005-4597 | 1 Epistream | 1 Ipei Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook. | ||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2006-1274 | 1 Avira | 1 Antivir Personal | 2026-04-16 | N/A |
| Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. | ||||
| CVE-2005-4604 | 1 Jean-jacques Sarton | 1 Mtink | 2026-04-16 | N/A |
| Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | ||||