Search Results (363915 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3000 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters.
CVE-2006-2521 1 Accomplishtechnology 1 Phpmydirectory 2026-04-16 N/A
PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
CVE-2005-3002 1 Xclusive-software 1 Mccs 2026-04-16 N/A
Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet.
CVE-2006-1939 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors.
CVE-2006-3333 1 Phpoutsourcing 1 Zorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via the multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection.
CVE-2005-3004 1 Interakt 1 Mx Shop 2026-04-16 N/A
SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_prd parameters to the pages module in index.php.
CVE-2006-1940 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows remote attackers to cause a denial of service (abort) via the SNDCP dissector.
CVE-2005-3020 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
CVE-2005-3022 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php.
CVE-2006-1941 1 Neon Software 1 Neon Responder 2026-04-16 N/A
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
CVE-2005-3023 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.
CVE-2001-1543 1 Axis 5 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 2 more 2026-04-16 N/A
Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.
CVE-2006-3336 1 Twiki 1 Twiki 2026-04-16 N/A
TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the upload filter and execute arbitrary code via filenames with double extensions such as ".php.en", ".php.1", and other allowed extensions that are not .txt. NOTE: this is only a vulnerability when the server allows script execution in the pub directory.
CVE-2005-3024 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
CVE-2005-3026 1 Alstrasoft 1 Epay 2026-04-16 N/A
Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter.
CVE-2005-3030 1 Ahnlab 3 V3 Virusblock 2005, V3net, V3pro 2004 2026-04-16 N/A
Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive.
CVE-2005-3031 1 Cambridge Computer Corporation 1 Vxftpsrv 2026-04-16 N/A
Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name.
CVE-2006-1942 3 K-meleon Project, Mozilla, Netscape 3 K-meleon, Firefox, Navigator 2026-04-16 N/A
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
CVE-2005-3034 1 Compuware 1 Driverstudio 2026-04-16 N/A
Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session.
CVE-2006-1944 1 Sibsoft 1 Communimail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.