Total
29926 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-0824 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in lib-common.php in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to include arbitrary local files and execute arbitrary code via (1) absolute paths in unspecified parameters and (2) the language cookie, as demonstrated for code execution using error.log. | ||||
| CVE-2005-4802 | 1 Flexbackup | 1 Flexbackup | 2026-04-16 | N/A |
| Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is the correct number to use. | ||||
| CVE-2006-0823 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php. | ||||
| CVE-2005-4799 | 1 Yapig | 1 Yapig | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886. | ||||
| CVE-2006-0821 | 1 Bxcp | 1 Bxcp | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | ||||
| CVE-2005-4795 | 1 Sun | 1 Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2006-0816 | 1 Orionserver | 1 Orion Application Server | 2026-04-16 | N/A |
| Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL. | ||||
| CVE-2005-4794 | 1 Cisco | 7 Application And Content Networking Software, Ata, Ip Phone 7902 and 4 more | 2026-04-16 | N/A |
| Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset. | ||||
| CVE-2005-4781 | 1 Sergids | 1 Top Music Module | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php. | ||||
| CVE-2005-4772 | 1 Suse | 5 Suse Linux, Suse Linux Openexchange Server, Suse Linux School Server and 2 more | 2026-04-16 | N/A |
| liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. | ||||
| CVE-2005-4748 | 1 Vwar | 1 Virtual War | 2026-04-16 | N/A |
| PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors. NOTE: this issue has been referred to as XSS, but it is clear from the vendor description that it is a file inclusion problem. | ||||
| CVE-2006-0814 | 1 Lighttpd | 1 Lighttpd | 2026-04-16 | N/A |
| response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files. | ||||
| CVE-2005-4743 | 1 Nelogic Technologies | 1 Nephp Publisher | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. | ||||
| CVE-2005-4734 | 1 Rsa | 1 Authentication Agent For Web | 2026-04-16 | N/A |
| Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method. | ||||
| CVE-2005-4732 | 1 Tux Racer | 1 Tuxbank | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters. | ||||
| CVE-2006-0812 | 1 Visnetic | 1 Visnetic Antivirus Plug-in For Mail Server | 2026-04-16 | N/A |
| The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. | ||||
| CVE-2005-4731 | 1 The Php Group | 1 Pear Html Quickform Controller | 2026-04-16 | N/A |
| The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors. | ||||
| CVE-2006-0811 | 1 Skate Board | 1 Skate Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | ||||
| CVE-2005-4730 | 1 Pear | 1 Text Password | 2026-04-16 | N/A |
| Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds. | ||||
| CVE-2005-4727 | 1 Martin Bauer | 1 Gbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field. | ||||