Export limit exceeded: 367294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0324 1 Webspot 1 Webspotblogging 2026-04-16 N/A
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
CVE-2006-0320 1 Bit 5 Blog 1 Bit 5 Blog 2026-04-16 N/A
SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter.
CVE-2006-0319 1 Farmers Wife 1 Farmers Wife 2026-04-16 N/A
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
CVE-2006-0318 1 Insane Visions 1 Blogphp 2026-04-16 N/A
SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
CVE-2006-0317 1 Redkernel 1 Referrer Tracker 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2006-0315 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
CVE-2006-0314 1 Pdfdirectory 1 Pdfdirectory 2026-04-16 N/A
PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities.
CVE-2006-0312 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVE-2006-0311 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2006-0310 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag.
CVE-2005-2462 1 Kayako 1 Liveresponse 2026-04-16 N/A
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.
CVE-2001-1454 1 Oracle 1 Mysql 2026-04-16 N/A
Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.
CVE-2002-2193 1 Mojo Mail 1 Mojo Mail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 allows remote attackers to inject arbitrary web script via the email parameter.
CVE-2005-2465 2 Pc-experience, Toppe 2 Pc-experience, Toppe Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.
CVE-2005-2467 1 Mysql 1 Eventum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.
CVE-2002-2202 1 Microsoft 1 Outlook Express 2026-04-16 N/A
Outlook Express 6.0 does not delete messages from dbx files, even when a user empties the Deleted items folder, which allows local users to read other users email.
CVE-2005-3303 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
CVE-2005-3677 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
CVE-2002-2208 2 Cisco, Extended Interior Gateway Routing Protocol 2 Ios, Extended Interior Gateway Routing Protocol 2026-04-16 N/A
Extended Interior Gateway Routing Protocol (EIGRP), as implemented in Cisco IOS 11.3 through 12.2 and other products, allows remote attackers to cause a denial of service (flood) by sending a large number of spoofed EIGRP neighbor announcements, which results in an ARP storm on the local network.
CVE-2005-2496 2 Dave Mills, Redhat 2 Ntpd, Enterprise Linux 2026-04-16 N/A
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.