Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0626 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
CVE-2005-0632 1 Phpnews 1 Phpnews 2026-04-16 N/A
PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter.
CVE-2006-1407 1 Webhost Automation 1 Helm Web Hosting Control Panel 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) txtDomainName parameter to domains.asp or (2) SearchText or (3) UserLevel parameters to default.asp.
CVE-2005-0635 1 Foxmail 1 Foxmail Email Server 2026-04-16 N/A
Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.
CVE-2005-0643 1 Mcafee 1 Antivirus Engine 2026-04-16 N/A
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.
CVE-2006-1408 1 Vavoom 1 Vavoom 2026-04-16 N/A
Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via (1) a packet with no data or (2) a large packet, which prevents Vavoom from discarding the packet from the socket.
CVE-2005-0648 1 Pixel-apes Group 1 Safehtml 2026-04-16 N/A
Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."
CVE-2006-1412 1 Tft Gallery 1 Tft Gallery 2026-04-16 N/A
TFT Gallery 0.10 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the admin password file and obtain password hashes via a direct request to admin/passwd.
CVE-2005-0649 1 Pixel-apes Group 1 Safehtml 2026-04-16 N/A
Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."
CVE-2005-0654 1 Gimp 1 Gimp 2026-04-16 N/A
gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero.
CVE-2006-1413 1 Htmljunction 1 Ezhomepagepro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) adid or (2) aname parameter in (a) common/email.asp, (b) users/users_search.asp, or (c) users/users_profiles.asp; (3) page parameter in (d) users/users_calendar.asp; (4) usid parameter in (e) users/users_mgallery.asp; or (5) m parameter in (f) users/users_search.asp.
CVE-2005-0658 1 Cmw Linklist 1 Cmw Linklist 2026-04-16 N/A
SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.
CVE-2006-1415 1 Dotnetbb 1 Dotnetbb Forums 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB 2.42EC SP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the em parameter.
CVE-2005-0659 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.
CVE-2005-0660 1 Adalis 1 D-forum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
CVE-2005-0661 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.
CVE-2005-0666 1 The Pax Team 1 Pax Linux 2026-04-16 N/A
Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code.
CVE-2001-0499 1 Oracle 1 Oracle8i 2026-04-16 N/A
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
CVE-2006-1417 1 Caloris Planitia Technologies 1 Web Quiz Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.
CVE-2005-0669 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.