Search Results (363821 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1836 1 Symantec 6 Liveupdate, Norton Antivirus, Norton Internet Security and 3 more 2026-04-16 N/A
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program.
CVE-2005-2546 1 Arab Portal 1 Arab Portal 2026-04-16 N/A
Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called.
CVE-2006-1839 1 Php Album 1 Php Album 2026-04-16 N/A
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists function call.
CVE-2005-2548 1 Linux 1 Linux Kernel 2026-04-16 N/A
vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd.
CVE-2005-2554 1 Network Associates 1 Epolicy Orchestrator Agent 2026-04-16 N/A
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory.
CVE-2005-2556 1 Mantis 1 Mantis 2026-04-16 N/A
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
CVE-2006-1842 1 Cynical Games 1 Shoutbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters.
CVE-2005-2558 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-16 N/A
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a long function_name field.
CVE-2005-2561 1 Myfaq 1 Myfaq 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3.
CVE-2005-2562 1 Gravity Board X Development Team 1 Gravity Board X 2026-04-16 N/A
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
CVE-2006-1847 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 might allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the Your_Home functionality. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-2566 1 Openbb 1 Openbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php.
CVE-2005-2567 1 Syscp Team 1 Syscp 2026-04-16 N/A
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
CVE-2005-2574 1 Xmb Forum 1 Xmb 2026-04-16 N/A
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
CVE-2006-1850 1 Skymarx Solutions 1 Xflow 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) level, (2) position, (3) id, and (4) action parameters to members_only/index.cgi, and the (5) page parameter to customer_area/index.cgi.
CVE-2005-2584 1 Mentor 1 Adslfr4ii 2026-04-16 N/A
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
CVE-2005-2587 1 Phptb 1 Topic Boards 2026-04-16 N/A
SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-1999-0758 1 Netscape 2 Enterprise Server, Fasttrack Server 2026-04-16 N/A
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.
CVE-2005-2591 1 Parlano 1 Mindalign 2026-04-16 N/A
Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.
CVE-2005-2598 1 Dokeos 1 Dokeos 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Dokeos 1.6 and earlier, and possibly Claroline, allow remote attackers to (1) delete arbitrary files or directories via the delete parameter to claroline/scorm/scormdocument.php, (2) move arbitrary files via the move_to and move_file parameters to claroline/document/document.php, or determine the existence of arbitrary files via the file parameter to (3) claroline/scorm/showinframes.php or (4) claroline/scorm/contents.php.