Export limit exceeded: 345253 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345253 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1818 | 1 The War Forge | 1 Warforge.news | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) first_name and (2) last_name parameter in myaccounts.php. NOTE: portions of these details were obtained from third party sources instead of the original disclosure. | ||||
| CVE-2006-2195 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) templates/problem/problem.inc and (2) test.php. | ||||
| CVE-2005-2401 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag. | ||||
| CVE-2006-1819 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| Directory traversal vulnerability in the loadConfig function in index.php in phpWebSite 0.10.2 and earlier allows remote attackers to include arbitrary local files and execute arbitrary PHP code via the hub_dir parameter, as demonstrated by including access_log. NOTE: in some cases, arbitrary remote file inclusion could be performed under PHP 5 using an SMB share argument such as "\\systemname\sharename". | ||||
| CVE-2006-2196 | 1 Jochen Friedrich | 1 Pinball | 2026-04-16 | N/A |
| Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges. | ||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2026-04-16 | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | ||||
| CVE-2006-1820 | 1 Modxcms | 1 Modxcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: this might be resultant from the directory traversal vulnerability. | ||||
| CVE-2005-2414 | 1 Xpcom | 1 Xpcom | 2026-04-16 | N/A |
| Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted. | ||||
| CVE-2006-1821 | 1 Modxcms | 1 Modxcms | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in ModX 0.9.1 allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the id parameter. | ||||
| CVE-2006-2198 | 3 Openoffice, Redhat, Sun | 3 Openoffice, Enterprise Linux, Staroffice | 2026-04-16 | N/A |
| OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | ||||
| CVE-2005-2419 | 1 Eci Telecom | 1 B-focus Router | 2026-04-16 | N/A |
| B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. | ||||
| CVE-2006-1822 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter. | ||||
| CVE-2006-2203 | 1 Kerio | 1 Kerio Mailserver | 2026-04-16 | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | ||||
| CVE-2006-1823 | 1 Farsinews | 1 Farsinews | 2026-04-16 | N/A |
| Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message. | ||||
| CVE-2006-1824 | 1 Phpguestbook | 1 Phpguestbook | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpGuestbook.php in PhpGuestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Comment parameter. | ||||
| CVE-2006-1826 | 1 Snipegallery | 1 Snipe Gallery | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery 3.1.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in view.php, (2) keyword parameter in search.php, and (3) image_id parameter in image.php. NOTE: it is possible that vectors 1 and 3 are resultant from SQL injection. | ||||
| CVE-2005-2423 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message. | ||||
| CVE-2006-2452 | 1 Gnome | 1 Gdm | 2026-04-16 | N/A |
| GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the "face browser" feature is enabled, allows local users to access the "Configure Login Manager" functionality using their own password instead of the root password, which can be leveraged to gain additional privileges. | ||||
| CVE-2006-2204 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | ||||
| CVE-2005-2428 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696. | ||||