Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3518 1 Punbb 1 Punbb 2026-04-16 N/A
SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.
CVE-2006-3424 1 Webex Communications 1 Webex Downloader Activex Control 2026-04-16 N/A
Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2005-3520 1 Mysource 1 Mysource 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.
CVE-2005-3532 1 Double Precision Incorporated 1 Courier Mail Server 2026-04-16 N/A
authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows attackers to authenticate to the server using accounts that have been disabled.
CVE-2005-3535 1 Ketm 1 Ketm 2026-04-16 N/A
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.
CVE-2005-3536 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote attackers to execute arbitrary SQL commands via the topic type.
CVE-2006-3428 1 Tigertom Scripts 1 Ttcalc Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in (1) loan.php and (2) mortgage.php.
CVE-2005-3537 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
A "missing request validation" error in phpBB 2 before 2.0.18 allows remote attackers to edit private messages of other users, probably by modifying certain parameters or other inputs.
CVE-2005-3539 1 Hylafax 1 Hylafax 2026-04-16 N/A
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
CVE-2005-3546 1 F-secure 2 F-secure Anti-virus, Internet Gatekeeper 2026-04-16 N/A
suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege.
CVE-2005-3550 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter.
CVE-2005-3551 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.
CVE-2006-2114 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.
CVE-2006-3429 1 Tigertom Scripts 1 Ttcalc Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows remote attackers to inject arbitrary web script or HTML via the currency parameter in (1) loan.php and (2) mortgage.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-3555 1 Tincan 1 Phplist 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
CVE-2006-2115 1 Sws 1 Sws Simple Web Server 2026-04-16 N/A
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.
CVE-2006-2116 1 Planet Concept 1 Planetgallery 2026-04-16 N/A
planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php.
CVE-2006-2118 1 Jmk Web Scripts 1 Jmk Picture Gallery 2026-04-16 N/A
JMK's Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action.
CVE-2006-2121 1 I-rater 1 I-rater Platinum 2026-04-16 N/A
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
CVE-2005-3556 1 Tincan 1 Phplist 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php.