Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3404 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
CVE-2005-3406 1 Butterfat 1 Phpesp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-3408 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.
CVE-2005-3411 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.
CVE-2006-2101 1 Winiso Computing 1 Winiso 2026-04-16 N/A
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
CVE-2006-3392 2 Usermin, Webmin 2 Usermin, Webmin 2026-04-16 N/A
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
CVE-2005-3412 1 Elite Forum 1 Elite Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
CVE-2005-3415 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
CVE-2005-3416 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.
CVE-2005-3417 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
CVE-2005-3419 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
CVE-2005-3420 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
CVE-1999-1120 1 Sgi 1 Irix 2026-04-16 N/A
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.
CVE-2005-3421 1 Hyper Estraier 1 Hyper Estraier 2026-04-16 N/A
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
CVE-2005-3424 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVE-2005-3425 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVE-2005-3508 1 Galerie 1 Galerie 2026-04-16 N/A
SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.
CVE-2005-3510 2 Apache, Redhat 4 Tomcat, Certificate System, Network Satellite and 1 more 2026-04-16 N/A
Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.
CVE-2006-3420 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-3421 1 Smartsitecms 1 Smartsitecms 2026-04-16 N/A
PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the root parameter in (1) comment.php, (2) admin/comedit.php, (3) admin/test.php, (4) admin/index.php, and (5) admin/include/inc_adminfoot.php, a different set of vectors than CVE-2006-3162.