Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | ||||
| CVE-2006-1650 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue. | ||||
| CVE-2005-1614 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter. | ||||
| CVE-2005-0773 | 1 Symantec Veritas | 1 Backup Exec | 2026-04-16 | N/A |
| Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument. | ||||
| CVE-2006-1412 | 1 Tft Gallery | 1 Tft Gallery | 2026-04-16 | N/A |
| TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd. | ||||
| CVE-2000-0632 | 1 Lsoft | 1 Listserv | 2026-04-16 | N/A |
| Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | ||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | ||||
| CVE-2005-0889 | 1 Dream4 | 1 Koobi Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter. | ||||
| CVE-2005-0908 | 1 Valdersoft | 1 Valdersoft Shopping Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php. | ||||
| CVE-2006-2006 | 1 Ivan Zahariev | 1 Izarc | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 beta 3 allow remote attackers to write arbitrary files via a ..\ (dot dot backslash) in a (1) .rar, (2) .tar, (3) .zip, (4) .jar, or (5) .gz archive. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-2565 | 1 Alstrasoft | 1 Article Manager Pro | 2026-04-16 | N/A |
| SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid. | ||||
| CVE-2006-1413 | 1 Htmljunction | 1 Ezhomepagepro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp. | ||||
| CVE-2006-2008 | 1 Built2go | 1 Movie Review | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in movie_cls.php in Built2Go PHP Movie Review 2B and earlier allows remote attackers to execute arbitrary PHP code via a URL in the full_path parameter. | ||||
| CVE-2005-0931 | 1 Jimmy | 1 The Includer | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code. | ||||
| CVE-2006-1432 | 1 Fusionzone | 1 Couponzone | 2026-04-16 | N/A |
| fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. | ||||
| CVE-2005-1331 | 1 Apple | 3 Applescript, Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs. | ||||
| CVE-2004-2650 | 1 Apache | 1 James | 2026-04-16 | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | ||||
| CVE-2005-1338 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext. | ||||
| CVE-2005-1365 | 1 Pico Server | 1 Pico Server | 2026-04-16 | N/A |
| Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences. | ||||
| CVE-2005-1406 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | ||||