Export limit exceeded: 363855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0194 1 Fog Creek Software 1 Fogbugz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page.
CVE-2006-0196 1 Serial Line Sniffer 1 Serial Line Sniffer 2026-04-16 N/A
Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow.
CVE-2006-0197 1 X.org 1 X.org 2026-04-16 N/A
The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks.
CVE-2006-0198 1 Xoops 1 Xoops Pool Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment.
CVE-2006-0199 1 Mini-nuke 1 Cms System 2026-04-16 N/A
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
CVE-2006-0201 1 Paypal 1 Php Toolkit 2026-04-16 N/A
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php.
CVE-2006-0205 1 Wordcircle 1 Wordcircle 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts.
CVE-2006-0207 1 Php 1 Php 2026-04-16 N/A
Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function.
CVE-2005-3922 1 Panda 19 Panda Activescan, Panda Antivirus, Panda Antivirus Platinum and 16 more 2026-04-16 N/A
Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive.
CVE-2005-3923 1 Netobjects 1 Netobjects Fusion 2026-04-16 N/A
NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site.
CVE-2005-3924 1 Randshop 1 Randshop 2026-04-16 N/A
SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.
CVE-2005-3925 1 Helpdesk Issue Manager 1 Helpdesk Issue Manager 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php.
CVE-2005-3926 1 Guppy 1 Guppy 2026-04-16 N/A
Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script.
CVE-2005-3927 1 Guppy 1 Guppy 2026-04-16 N/A
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
CVE-2005-3928 1 Qnx 1 Rtos 2026-04-16 N/A
Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument.
CVE-2005-3929 1 Xaraya 1 Xaraya 2026-04-16 N/A
Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via ".." sequences in the module parameter to index.php.
CVE-2005-3930 1 N-13 News 1 N-13 News 2026-04-16 N/A
SQL injection vulnerability in index.php in N-13 News 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3931 1 Asp-rider 1 Asp-rider 2026-04-16 N/A
SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer.
CVE-2005-3932 1 O-kiraku Nikki 1 O-kiraku Nikki 2026-04-16 N/A
SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter.
CVE-2005-3933 1 88script 1 88script Event Calendar 2026-04-16 N/A
SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter.