Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0266 | 1 Sugarcrm | 1 Sugarcrm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. | ||||
| CVE-2005-0268 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | ||||
| CVE-2005-0271 | 1 Photopost | 1 Reviewpost Php Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | ||||
| CVE-2006-1995 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. | ||||
| CVE-2006-2561 | 1 Edimax | 1 Br 6104k | 2026-04-16 | N/A |
| Edimax BR-6104K router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter (possibly within NewInternalClient), which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. | ||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | ||||
| CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2026-04-16 | N/A |
| SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | ||||
| CVE-2000-1041 | 1 Swen Thuemmler | 1 Ypbind | 2026-04-16 | N/A |
| Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges. | ||||
| CVE-2005-0287 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values. | ||||
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | ||||
| CVE-2006-1996 | 1 Scry Gallery | 1 Scry Gallery | 2026-04-16 | N/A |
| Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message. | ||||
| CVE-2005-0290 | 1 Netgear | 1 Fvs318 | 2026-04-16 | N/A |
| NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | ||||
| CVE-2005-0291 | 1 Netgear | 1 Fvs318 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | ||||
| CVE-2005-0295 | 1 Inca | 1 Nprotect Gameguard | 2026-04-16 | N/A |
| npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. | ||||
| CVE-2005-0296 | 1 Novell | 2 Groupwise, Groupwise Webaccess | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue | ||||
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | ||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | ||||
| CVE-2005-0300 | 1 Jsboard | 1 Jsboard | 2026-04-16 | N/A |
| Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. | ||||
| CVE-2002-0216 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensitive information via a SQL injection attack in the "uid" parameter. | ||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2026-04-16 | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | ||||