Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-2173 1 Filezilla 1 Filezilla Server 2026-04-16 N/A
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer.
CVE-2005-3655 1 Novell 1 Open Enterprise Server 2026-04-16 N/A
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
CVE-2005-3826 1 Ezy Helpdesk 1 Ezyhelpdesk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.
CVE-2005-3827 1 Agileco 1 Agilebill 2026-04-16 N/A
SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2243 1 Web4future 1 News Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection.
CVE-2005-3829 1 Activecampaign 1 Knowledgebuilder 2026-04-16 N/A
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.
CVE-2005-3836 1 Desklance 1 Desklance 2026-04-16 N/A
SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter.
CVE-2005-3842 1 Pdjkeelan.com 1 Pdjk-support Suite 2026-04-16 N/A
SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.
CVE-2005-3852 1 Onlinetechtools.com 1 Owos Lite 2026-04-16 N/A
SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
CVE-2006-2247 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2005-3853 1 Solucija 1 Snews 2026-04-16 N/A
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.
CVE-2005-3870 1 Edmobbs 1 Edmobbs 2026-04-16 N/A
Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.
CVE-2005-3871 1 Jbb 1 Jbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.
CVE-2005-3875 1 Enterprise Heart 1 Enterprise Connector 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
CVE-2005-3878 1 Alex King 1 Php Doc System 2026-04-16 N/A
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
CVE-2006-2261 1 Acal 1 Acal 2026-04-16 N/A
PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
CVE-2005-3884 1 Zainu 1 Zainu 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.
CVE-2005-3895 1 Otrs 1 Otrs 2026-04-16 N/A
Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download the attachment, which allows remote attackers to execute arbitrary web script or HTML. NOTE: this particular issue is referred to as XSS by some sources.
CVE-2005-3896 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
CVE-2006-2262 1 Singapore 1 Singapore 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter.