Export limit exceeded: 345217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345217 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1499 | 1 Mywebland | 1 Mybloggie | 2026-04-16 | N/A |
| delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter. | ||||
| CVE-2006-2804 | 1 Goss | 1 Icm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in Goss Intelligent Content Management (iCM) 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources. | ||||
| CVE-2002-1735 | 1 Davin Mccall | 1 Dlogin | 2026-04-16 | N/A |
| Buffer overflow in dlogin 1.0a could allow local users to gain privileges via unknown attack vectors. | ||||
| CVE-2006-2805 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter. | ||||
| CVE-2006-2806 | 1 Apache | 1 James | 2026-04-16 | N/A |
| The SMTP server in Apache Java Mail Enterprise Server (aka Apache James) 2.2.0 allows remote attackers to cause a denial of service (CPU consumption) via a long argument to the MAIL command. | ||||
| CVE-2005-1509 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2002-1737 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. | ||||
| CVE-2006-2807 | 1 Aspwebsoft | 1 Speedy Asp Discussion Forum | 2026-04-16 | N/A |
| ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp. | ||||
| CVE-2005-1511 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. | ||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | ||||
| CVE-2005-1631 | 1 Booby | 1 Booby | 2026-04-16 | N/A |
| booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. | ||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | ||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | ||||
| CVE-2006-2935 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2026-04-16 | N/A |
| The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | ||||
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. | ||||
| CVE-2006-2814 | 1 Ishopcart | 1 Ishopcart | 2026-04-16 | N/A |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | ||||
| CVE-2006-2936 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. | ||||
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | ||||