Search Results (363674 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0457 1 Bg Guestbook 1 Bg Guestbook 2026-04-16 N/A
Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as <, >, and & in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.
CVE-2001-0947 1 Valicert 1 Enterprise Validation Authority 2026-04-16 N/A
Forms.exe CGI program in ValiCert Enterprise Validation Authority (EVA) 3.3 through 4.2.1 allows remote attackers to determine the real pathname of the server by requesting an invalid extension, which produces an error page that includes the path.
CVE-2001-0932 1 Cooolsoft 1 Powerftp 2026-04-16 N/A
Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long command.
CVE-2005-1146 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145
CVE-2005-1145 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146
CVE-2005-1143 1 Easyphpcalendar 1 Easyphpcalendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter.
CVE-2002-0450 1 Talentsoft 1 Web\+ Server 2026-04-16 N/A
Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attackers to execute arbitrary code via a long Web Markup Language (wml) file name to (1) webplus.dll or (2) webplus.exe.
CVE-2005-1140 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
CVE-2006-3214 1 Hitachi 2 Groupmax Address Server, Groupmax Mail Server 2026-04-16 N/A
Unspecified vulnerability in Hitachi Groupmax Address Server 7 and earlier, and Groupmax Mail Server 7 and earlier allows remote attackers to cause a denial of service (product "stop") via unspecified vectors involving "unexpected requests".
CVE-2006-1761 1 Blursoft 1 Blur6ex 2026-04-16 N/A
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name.
CVE-2006-1563 1 Vscripts 1 Vbook 2026-04-16 N/A
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts.
CVE-2005-1139 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 8 Beta 3, when using first-generation vetted digital certificates, displays the Organizational information of an SSL certificate, which is easily spoofed and can facilitate phishing attacks.
CVE-2001-0911 2 Francisco Burzi, Postnuke Software Foundation 2 Php-nuke, Postnuke 2026-04-16 N/A
PHP-Nuke 5.1 stores user and administrator passwords in a base-64 encoded cookie, which could allow remote attackers to gain privileges by stealing or sniffing the cookie and decoding it.
CVE-2005-1137 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.
CVE-2006-1561 1 Vscripts 1 Vbook 2026-04-16 N/A
SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter.
CVE-2005-1129 1 Egroupware 1 Egroupware 2026-04-16 N/A
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
CVE-2005-0829 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
CVE-2005-0835 1 Belkin 1 54g Wireless Router 2026-04-16 N/A
The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors.
CVE-2001-0602 1 Lotus 1 Domino R5 Server 2026-04-16 N/A
Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a denial of service via repeated (>400) URL requests for DOS devices.
CVE-2005-0837 1 Icecast 1 Icecast 2026-04-16 N/A
IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot).