Search Results (363618 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0670 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.
CVE-2006-1418 1 Caloris Planitia Technologies 1 E-school Management System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-0674 1 Php Arena 1 Pabox 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
CVE-2005-0678 1 Stadtaus 1 Form Mail Script 2026-04-16 N/A
PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code.
CVE-2005-0682 1 Drupal 1 Drupal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.
CVE-2006-1420 1 Arabless 1 Saphplesson 2026-04-16 N/A
SQL injection vulnerability in print.php in SaphpLesson 2.0 allows remote attackers to execute arbitrary SQL commands via the lessid parameter.
CVE-2005-0693 1 Jowood Productions 1 Chaser 2026-04-16 N/A
Buffer overflow in JoWood Chaser 1.50 and earlier allows remote attackers to cause a denial of service (client or server crash) and execute arbitrary code via a long nickname.
CVE-2005-0694 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv.
CVE-2006-1425 1 Phpmyfamily 1 Phpmyfamily 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
CVE-2005-0695 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
CVE-2006-1429 1 Fusionzone 1 Classifiedzone 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter.
CVE-2005-0699 4 Altlinux, Conectiva, Ethereal Group and 1 more 6 Alt Linux, Linux, Ethereal and 3 more 2026-04-16 N/A
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
CVE-2006-1430 1 Controlzx 1 Hms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to shared_order.php, (3) plan_id parameter to customers/server_management.php, and (4) email field to customers/forgotpass.php.
CVE-2006-1436 1 Upoint 1 At1 Event Publisher 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm.
CVE-2001-0528 1 Oracle 1 E-business Suite 2026-04-16 N/A
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
CVE-2006-1440 1 Apple 1 Mac Os X 2026-04-16 N/A
BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite arbitrary files via an archive that contains symbolic links.
CVE-2006-1441 1 Apple 1 Mac Os X 2026-04-16 N/A
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding.
CVE-2006-1444 1 Apple 1 Mac Os X 2026-04-16 N/A
CoreGraphics in Apple Mac OS X 10.4.6, when "Enable access for assistive devices" is on, allows an application to bypass restrictions for secure event input and read certain events from other applications in the same window session by using Quartz Event Services.
CVE-2002-1338 1 Microsoft 1 Office Web Components 2026-04-16 N/A
The Load method in the Chart component of Office Web Components (OWC) 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files.
CVE-2006-1445 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."