Export limit exceeded: 344983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344983 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344983 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | ||||
| CVE-2005-2048 | 1 Duware | 1 Duforum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0. | ||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2026-04-16 | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | ||||
| CVE-2005-2054 | 1 Realnetworks | 2 Realone Player, Realplayer | 2026-04-16 | N/A |
| Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file. | ||||
| CVE-2006-1831 | 1 Coder-world | 1 Sysinfo | 2026-04-16 | N/A |
| Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a systemdoc action, which is injected into phpinfo.php. | ||||
| CVE-2006-1832 | 1 Coder-world | 1 Sysinfo | 2026-04-16 | N/A |
| sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. | ||||
| CVE-2006-1833 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | ||||
| CVE-2006-1834 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack easier with shorter strings. | ||||
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | ||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | ||||
| CVE-2005-2070 | 1 Sendmail | 1 Sendmail | 2026-04-16 | N/A |
| The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | ||||
| CVE-2006-1835 | 1 Vincent Hor | 2 Calendarix, Calendarix Advanced | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. | ||||
| CVE-2005-2089 | 1 Microsoft | 1 Internet Information Services | 2026-04-16 | N/A |
| Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes IIS to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2006-1837 | 1 Clanscripte.net | 1 Fuju News | 2026-04-16 | N/A |
| SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. | ||||
| CVE-2006-1838 | 1 Clanscripte.net | 1 Fuju News | 2026-04-16 | N/A |
| edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. | ||||
| CVE-2006-1841 | 1 Kailash Nadh | 1 Boastmachine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in boastMachine (bMachine) 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field. | ||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2026-04-16 | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | ||||
| CVE-2005-2105 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | ||||
| CVE-2005-2107 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. | ||||
| CVE-2005-2114 | 2 Mozilla, Redhat | 4 Camino, Firefox, Mozilla and 1 more | 2026-04-16 | N/A |
| Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | ||||