Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0675 1 Glen Campbell 1 Siteframe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2004-1691 1 Rhinosoft 1 Dns4me 2026-04-16 N/A
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
CVE-2006-0669 1 Gasoft 1 Gas Forum Light 2026-04-16 N/A
Multiple SQL injection vulnerabilities in archive.asp in GA's Forum Light allow remote attackers to execute arbitrary SQL commands via the (1) Forum and (2) pages parameter. NOTE: SecurityTracker says that the vendor has disputed this issue, saying that GA Forum Light does not use an SQL database. SecurityTracker's research indicates that the original problem could be due to a vbscript parsing error based on invalid arguments
CVE-2006-0668 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in message.php in the espace_membre module. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-1999-0301 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in SunOS/Solaris ps command.
CVE-2006-0667 1 Ibm 1 Aix 2026-04-16 N/A
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
CVE-2006-0559 1 Mcafee 1 Webshield Smtp 2026-04-16 N/A
Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.
CVE-2006-0567 1 Curtis Farnham 1 Files Xaraya Module 2026-04-16 N/A
Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".." (dot dot) sequences.
CVE-2005-1839 1 Liberum 1 Liberum Help Desk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp.
CVE-2005-1840 1 Phpcms 1 Phpcms 2026-04-16 N/A
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.
CVE-2005-1842 1 Adobe 1 Version Cue 2026-04-16 N/A
VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.
CVE-2005-1864 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter.
CVE-2005-1865 1 Vincent Hor 1 Calendarix Advanced 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 allow remote attackers to execute arbitrary SQL commands via the catview parameter to (1) cal_week.php, (2) cal_cat.php, or (3) cal_day.php, or (4) id parameter to cal_pophols.php.
CVE-2005-1869 1 Appindex 1 Mwchat 2026-04-16 N/A
PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter.
CVE-2005-1882 1 Yapig 1 Yapig 2026-04-16 N/A
PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter.
CVE-2005-1885 1 Yapig 1 Yapig 2026-04-16 N/A
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.
CVE-2005-1893 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message.
CVE-2006-0588 1 Jaia Interactive 1 Mytopix 2026-04-16 N/A
SQL injection vulnerability in search.php in MyTopix 1.2.3 allows remote attackers to execute arbitrary SQL commands via the (1) mid and (2) keywords parameters.
CVE-2005-1916 2 Debian, Ekg Project 2 Debian Linux, Ekg 2026-04-16 5.5 Medium
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.
CVE-2006-0591 2 Redhat, Solar Designer 2 Enterprise Linux, Crypt Blowfish 2026-04-16 N/A
The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-sytle MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions.