Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0589 | 1 Jaia Interactive | 1 Mytopix | 2025-04-03 | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via a direct request to logon.mod.php, which leaks the path in an error message. | ||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-03 | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | ||||
| CVE-2006-0691 | 1 Scheduling Management.com | 1 Time Tracking Software | 2025-04-03 | N/A |
| edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | ||||
| CVE-2006-0699 | 1 David Barrett | 1 Qwikiwiki | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-1609 | 1 Sun | 1 Storedge 6130 Arrays | 2025-04-03 | N/A |
| Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. | ||||
| CVE-2005-4034 | 1 Web4future | 1 Edating Professional | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php. | ||||
| CVE-2005-4035 | 1 Web4future | 1 Web4future Ecommerce | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php. | ||||
| CVE-2005-4197 | 1 Nortel | 1 Ssl Vpn | 2025-04-03 | N/A |
| tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. | ||||
| CVE-2006-3338 | 1 Atlassian | 1 Jira | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a direct request to secure/ConfigureReleaseNote.jspa, which are not sanitized before being returned in an error page. | ||||
| CVE-2006-3340 | 1 Pearlinger | 1 Pearl For Mambo | 2025-04-03 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo module 1.6 for Mambo, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the (1) phpbb_root_path parameter in (a) includes/functions_cms.php and the (2) GlobalSettings[templatesDirectory] parameter in multiple files in the "includes" directory including (b) adminSensored.php, (c) adminBoards.php, (d) adminAttachments.php, (e) adminAvatars.php, (f) adminBackupdatabase.php, (g) adminBanned.php, (h) adminForums.php, (i) adminPolls.php, (j) adminSmileys.php, (k) poll.php, and (l) move.php. | ||||
| CVE-2006-3343 | 1 Crisoft Ricette | 1 Crisoft Ricette | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in recipe/cookbook.php in CrisoftRicette 1.0pre15b allows remote attackers to execute arbitrary PHP code via a URL in the crisoftricette parameter. | ||||
| CVE-2006-3351 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2025-04-03 | N/A |
| Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and 2003 allows user-assisted attackers to cause a denial of service (repeated crash) and possibly execute arbitrary code via a .url file with an InternetShortcut tag containing a long URL and a large number of "file:" specifiers. | ||||
| CVE-2006-3355 | 1 Mpg123 | 1 Mpg123 | 2025-04-03 | N/A |
| Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982. | ||||
| CVE-2006-3362 | 2 Geeklog, Toenda Software Development | 2 Geeklog, Toendacms | 2025-04-03 | N/A |
| Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip. | ||||
| CVE-2006-3367 | 1 Mp3netbox | 1 Mp3netbox | 2025-04-03 | N/A |
| Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. | ||||
| CVE-2006-3382 | 1 Mads | 1 Mads | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via the "search string". | ||||
| CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2025-04-03 | N/A |
| index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | ||||
| CVE-2006-3393 | 1 Electronic Arts | 1 Nascar Racing | 2025-04-03 | N/A |
| Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket. | ||||
| CVE-2006-3394 | 1 Bxcp | 1 Bxcp | 2025-04-03 | N/A |
| SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. | ||||
| CVE-2006-3453 | 1 Adobe | 1 Acrobat | 2025-04-03 | N/A |
| Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers to execute arbitrary code via unknown vectors in a document that triggers the overflow when it is distilled to PDF. | ||||