Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4794 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-3048 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
CVE-2005-3049 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
CVE-2006-4797 1 Cj Design 1 Cj Tag Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter.
CVE-2005-2188 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.
CVE-2006-2616 1 Alstrasoft 1 Webhost Directory 2026-04-16 N/A
SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter.
CVE-2005-2194 1 Apple 1 Mac Os X 2026-04-16 N/A
Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.
CVE-2005-3060 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.
CVE-2006-2634 1 Neocrome 1 Seditio 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field.
CVE-2005-3064 1 Multitheftauto 1 Multitheftauto 2026-04-16 N/A
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).
CVE-2005-3068 1 Eric Integrated Development Environment 1 Eric Integrated Development Environment 2026-04-16 N/A
Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit."
CVE-2005-3069 1 Hylafax 1 Hylafax 2026-04-16 N/A
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
CVE-2006-4802 1 Symantec 2 Client Security, Norton Antivirus 2026-04-16 N/A
Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor.
CVE-2005-2240 1 Xpvm 1 Xpvm 2026-04-16 N/A
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
CVE-2005-3070 1 Hylafax 1 Hylafax 2026-04-16 N/A
HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
CVE-2006-2648 1 Aspbb 1 Aspbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in perform_search.asp for ASPBB 0.52 and earlier allows remote attackers to inject arbitrary HTML or web script via the search parameter.
CVE-2005-3071 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
CVE-2006-4822 1 Emusoft 1 Emucms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.php in eMuSOFT emuCMS 0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) page parameters.
CVE-2005-3072 1 Interchange Development Group 1 Interchange 2026-04-16 N/A
SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-3229 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.