Total
29907 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php. | ||||
| CVE-2005-3025 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php. | ||||
| CVE-2006-2496 | 1 Novell | 2 Edirectory, Imonitor | 2026-04-16 | N/A |
| Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | ||||
| CVE-2006-2500 | 1 Xfairguy | 1 Codeavalanche News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and if it is expected behavior for administrators to be able to generate HTML, then this is not a vulnerability. | ||||
| CVE-2005-3042 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2026-04-16 | N/A |
| miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | ||||
| CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. | ||||
| CVE-2006-2522 | 1 Dayfox Designs | 1 Dayfox Blog | 2026-04-16 | N/A |
| Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | ||||
| CVE-2005-3073 | 1 Interchange Development Group | 1 Interchange | 2026-04-16 | N/A |
| Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. | ||||
| CVE-2005-3090 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557. | ||||
| CVE-2005-3103 | 1 Six Apart | 1 Movable Type | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form fields in new blog entries. | ||||
| CVE-2005-3111 | 1 Debian | 1 Backupninja | 2026-04-16 | N/A |
| The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. | ||||
| CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | ||||
| CVE-2005-3116 | 1 Symantec Veritas | 1 Netbackup | 2026-04-16 | N/A |
| Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | ||||
| CVE-2005-3133 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly earlier versions, allows remote attackers to (1) delete arbitrary files or directories via a relative path to the id parameter to logout.html or (2) include arbitrary PHP files or other files via the helpid parameter to help.html. | ||||
| CVE-2005-3141 | 1 Cerulean Studios | 1 Trillian | 2026-04-16 | N/A |
| Cerulean Studios Trillian 3.0 allows remote attackers to cause a denial of service (crash) via a reverse direct connection from a different client, as demonstrated using LICQ. | ||||
| CVE-2006-2573 | 1 Dian Gemilang | 1 Dgbook | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-3147 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2026-04-16 | N/A |
| StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information. | ||||
| CVE-2006-2586 | 1 Iplogger | 1 Iplogger | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the HTTP_REFERER header in an HTTP request. | ||||
| CVE-2005-3150 | 1 Weex | 1 Weex | 2026-04-16 | N/A |
| Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, 2.6.1, and possibly other versions allows remote FTP servers to execute arbitrary code via format strings in filenames. | ||||
| CVE-2005-3184 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value. | ||||