Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1172 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.
CVE-2006-0312 1 Mike Helton 1 Aoblogger 2026-04-16 N/A
create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1.
CVE-2000-0755 1 Hp 1 Openview Network Node Manager 2026-04-16 N/A
Vulnerability in the newgrp command in HP-UX 11.00 allows local users to gain privileges.
CVE-2006-0313 1 Pdfdirectory 1 Pdfdirectory 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5) title.php, (6) team.php, (7) stats.php, (8) page.php, (9) org.php, (10) member.php, (11) index.php, (12) group.php, or (13) anniv.php.
CVE-2005-1180 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.
CVE-2006-0315 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure.
CVE-2005-1187 1 X-ways Software Technology Ag 1 Winhex 2026-04-16 N/A
Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability.
CVE-2006-0322 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."
CVE-2006-0324 1 Webspot 1 Webspotblogging 2026-04-16 N/A
SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php.
CVE-2005-1194 1 Redhat 3 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation 2026-04-16 N/A
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
CVE-2005-1197 1 Oracle 1 Database Server 2026-04-16 N/A
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
CVE-2006-0332 1 Ecartis 1 Ecartis 2026-04-16 N/A
Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.
CVE-2005-1198 1 Anaconda Partners 1 Foundation Directory 2026-04-16 N/A
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.
CVE-2006-0338 1 F-secure 4 F-secure Anti-virus, F-secure Internet Security, F-secure Personal Express and 1 more 2026-04-16 N/A
Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64 and earlier, allow remote attackers to hide arbitrary files and data via malformed (1) RAR and (2) ZIP archives, which are not properly scanned.
CVE-2005-1200 1 Azbb 1 Az Bulletin Board 2026-04-16 N/A
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
CVE-2005-1202 1 Egroupware 1 Egroupware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
CVE-2005-1212 1 Microsoft 7 Windows 2000, Windows 2000 Terminal Services, Windows 2003 Server and 4 more 2026-04-16 N/A
Buffer overflow in Microsoft Step-by-Step Interactive Training (orun32.exe) allows remote attackers to execute arbitrary code via a bookmark link file (.cbo, cbl, or .cbm extension) with a long User field.
CVE-2005-1226 1 Coppermine 1 Coppermine Photo Gallery 2026-04-16 N/A
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.
CVE-2005-1229 1 Gnu 1 Cpio 2026-04-16 N/A
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
CVE-2005-1233 1 Php Labs 1 Profile 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters.