Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3558 | 1 Oste | 1 Oste | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. | ||||
| CVE-2006-2459 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. | ||||
| CVE-2006-2469 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to SP6, and 6.1 up to SP7 stores the username and password in cleartext in the WebLogic Server log when access to a web application or protected JWS fails, which allows attackers to gain privileges. | ||||
| CVE-2006-2485 | 1 Quezza | 1 Quezza Bb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in includes/class_template.php in Quezza 1.0 and earlier, and possibly 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the quezza_root_path parameter. | ||||
| CVE-2006-4636 | 1 Szewo | 1 Phpcommander | 2025-04-03 | N/A |
| Directory traversal vulnerability in SZEWO PhpCommander 3.0 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Directory parameter, as demonstrated by parameter values naming Apache HTTP Server log files that apparently contain PHP code. | ||||
| CVE-2005-3666 | 1 Internet Key Exchange | 1 Internet Key Exchange | 2025-04-03 | N/A |
| Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. | ||||
| CVE-2006-2648 | 1 Aspbb | 1 Aspbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter. | ||||
| CVE-2006-4642 | 1 Auditwizard | 1 Auditwizard | 2025-04-03 | N/A |
| AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2006-2659 | 1 Double Precision Incorporated | 1 Courier Mta | 2025-04-03 | N/A |
| libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding. | ||||
| CVE-2005-0986 | 1 Ibm | 1 Lotus Domino Server | 2025-04-03 | N/A |
| NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue. | ||||
| CVE-2005-0978 | 1 Ivt | 1 Bluesoleil | 2025-04-03 | N/A |
| Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command. | ||||
| CVE-2005-0994 | 1 Early Impact | 1 Productcart | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp. NOTE: it is possible that item (2) is the result of a typo or editing error from the original research report. | ||||
| CVE-2006-4891 | 1 Techno Dreams | 1 Articles And Papers Package | 2025-04-03 | N/A |
| SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams Articles & Papers Package 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2005-1013 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2025-04-03 | N/A |
| The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string. | ||||
| CVE-2005-1062 | 1 Kerio | 3 Kerio Mailserver, Personal Firewall, Winroute Firewall | 2025-04-03 | N/A |
| The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods. | ||||
| CVE-2006-4892 | 1 Techno Dreams | 1 Faq Manager Package | 2025-04-03 | N/A |
| SQL injection vulnerability in faqview.asp in Techno Dreams FAQ Manager Package 1.0 allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | ||||
| CVE-2005-1029 | 1 Active Web Softwares | 1 Active Auction House | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. | ||||
| CVE-2005-1038 | 2 Paul Vixie, Redhat | 2 Vixie Cron, Enterprise Linux | 2025-04-03 | N/A |
| crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | ||||
| CVE-2005-1046 | 2 Kde, Redhat | 2 Kde, Enterprise Linux | 2025-04-03 | N/A |
| Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file. | ||||