Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345210 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345210 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1737 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| Astaro Security Linux 2.016 creates world-writable files and directories, which allows local users to overwrite arbitrary files. | ||||
| CVE-2006-2807 | 1 Aspwebsoft | 1 Speedy Asp Discussion Forum | 2026-04-16 | N/A |
| ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp. | ||||
| CVE-2005-1511 | 1 Pwsphp | 1 Pwsphp | 2026-04-16 | N/A |
| PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. | ||||
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | ||||
| CVE-2005-1631 | 1 Booby | 1 Booby | 2026-04-16 | N/A |
| booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. | ||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | ||||
| CVE-2006-2810 | 1 Belchior Foundry | 1 Vcard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Belchior Foundry vCard 2.9 allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) toprated.php and (2) newcards.php. NOTE: the card_id vector is already covered by CVE-2006-1230. | ||||
| CVE-2006-2935 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2026-04-16 | N/A |
| The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | ||||
| CVE-2006-2811 | 1 Cantico | 1 Ovidentia | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Cantico Ovidentia 5.8.0 allow remote attackers to execute arbitrary PHP code via a URL in the babInstallPath parameter in (1) index.php, (2) topman.php, (3) approb.php, (4) vacadmb.php, (5) vacadma.php, (6) vacadm.php, (7) statart.php, (8) search.php, (9) posts.php, (10) options.php, (11) login.php, (12) frchart.php, (13) flbchart.php, (14) fileman.php, (15) faq.php, (16) event.php, (17) directory.php, (18) articles.php, (19) artedit.php, (20) calday.php, and additional unspecified PHP scripts. NOTE: the utilit.php vector is already covered by CVE-2005-1964. | ||||
| CVE-2006-2814 | 1 Ishopcart | 1 Ishopcart | 2026-04-16 | N/A |
| Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data. | ||||
| CVE-2006-2936 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up to 2.6.17, and possibly later versions, allows local users to cause a denial of service (memory consumption) by writing more data to the serial port than the hardware can handle, which causes the data to be queued. | ||||
| CVE-2006-2943 | 1 Cgi-rescue | 1 Webform | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2944 | 1 Cgi-rescue | 1 Form2mail | 2026-04-16 | N/A |
| Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier allows remote attackers to inject email headers, which facilitates sending spam messages. NOTE: the details for this issue are obtained from third party information. | ||||
| CVE-2006-2945 | 1 Andreas Gohr | 1 Dokuwiki | 2026-04-16 | N/A |
| Unspecified vulnerability in the user profile change functionality in DokuWiki, when Access Control Lists are enabled, allows remote authenticated users to read unauthorized files via unknown attack vectors. | ||||
| CVE-2006-2946 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a stores _includes/bd.inc under the web root with insufficient access control, which allows remote attackers to obtain database username and password information. | ||||
| CVE-2006-2947 | 1 Dmx Forum | 1 Dmx Forum | 2026-04-16 | N/A |
| Dmx Forum 2.1a allows remote attackers to obtain username and password information via a direct request to pops/edit.php with a modified membre parameter. | ||||
| CVE-2006-2815 | 1 Two Shoes Mambo Factory | 1 Simpleboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes M-Factory (TSMF) SimpleBoard 1.1.0 Stable (aka com_simpleboard), as used in Mambo and Joomla!, allow remote attackers to inject arbitrary web script or HTML via (1) the Name field in "post ne topic" in the Frontend, (2) the Title (aka Community-Title) field in Simpleboard Configuration in the Backend Admin Panel, and the (3) Name (aka Forum-Title) and (4) Name (aka Category-Title) fields in Simpleboard Administration in the Backend Admin Panel. NOTE: some sources have stated that the sb_authorname parameter is affected, but it is unclear which field is related to it. | ||||
| CVE-2006-2948 | 1 Alan Ward | 1 A-cart | 2026-04-16 | N/A |
| A-CART 2.0 stores the acart2_0.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain username and password information. | ||||
| CVE-2006-2949 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the do parameter. | ||||
| CVE-2002-1812 | 1 Gdam | 1 Gdam | 2026-04-16 | N/A |
| Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter. | ||||