Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0185 1 Php-nuke 2 News Module, Pool Module 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
CVE-2000-0724 1 Helix Code 1 Go-gnome Pre-installer 2026-04-16 N/A
The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
CVE-2006-0189 1 Estara 1 Softphone 2026-04-16 N/A
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
CVE-2005-0853 1 Betaparticle 1 Betaparticle Blog 2026-04-16 N/A
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
CVE-2006-0190 1 Sun 1 Solaris 2026-04-16 N/A
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver.
CVE-2005-0855 1 Coolforum 1 Coolforum 2026-04-16 N/A
CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.
CVE-2006-0200 1 Php 1 Php 2026-04-16 N/A
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
CVE-2005-0868 4 Bosanova, Ibm, Mochasoft and 1 more 4 Launcher400, Client Access, Tn5250 and 1 more 2026-04-16 N/A
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
CVE-2005-0878 1 Mercuryboard 1 Mercuryboard Message Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message).
CVE-2006-0206 1 Light Weight Calendar 1 Light Weight Calendar 2026-04-16 N/A
Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php.
CVE-2005-0889 1 Dream4 1 Koobi Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter.
CVE-2002-1033 1 Sun 1 I-runbook 2026-04-16 N/A
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
CVE-2005-0910 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
CVE-2005-0919 1 Adventia 2 Adventia Chat, Adventia Server Pro 2026-04-16 N/A
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
CVE-2005-0922 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2026-04-16 N/A
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
CVE-2005-0928 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.
CVE-2006-0210 1 Interspire 1 Trackpoint Nx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page.
CVE-2006-0220 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. It is possible that this issue is resultant from an SQL injection problem in CVE-2005-4227.3 and CVE-2005-4227.13.
CVE-2006-0223 1 Topcmm Computing 1 123 Flash Chat Server 2026-04-16 N/A
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
CVE-2005-0958 1 Yepyep 1 Mtftpd 2026-04-16 N/A
Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.