Total
29930 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4470 | 1 Blender | 1 Blenloader | 2026-04-16 | N/A |
| Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. | ||||
| CVE-2005-4545 | 1 Netdirect | 1 Shopengine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2002-1889 | 1 Logsurfer | 1 Logsurfer | 2026-04-16 | N/A |
| Off-by-one buffer overflow in the context_action function in context.c of Logsurfer 1.41 through 1.5a allows remote attackers to cause a denial of service (crash) via a malformed log entry. | ||||
| CVE-2005-4521 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php. | ||||
| CVE-2005-4599 | 1 Moxiecode | 1 Tinymce Compressor Php | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter. | ||||
| CVE-2005-4608 | 1 Incogen | 1 Bugport | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters. | ||||
| CVE-2005-4702 | 1 Ipbproarcade | 1 Ipbproarcade | 2026-04-16 | N/A |
| SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430. | ||||
| CVE-2005-4690 | 1 Six Apart | 1 Movable Type | 2026-04-16 | N/A |
| Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types. | ||||
| CVE-2005-4787 | 1 Turnkey Solutions | 1 Sunshop Shopping Cart | 2026-04-16 | N/A |
| Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via a phpinfo action to (1) index.php, (2) admin/index.php, and (3) admin/adminindex.php, which executes the PHP phpinfo function. NOTE: The vendor has disputed this issue, saying that "Having this in the code makes it easier for us to troubleshoot when issues arise on individual carts. For someone to have a script to do this type of search would require that they know where your shop is actually located. I dont think it really can be construde [sic] as a security issue. | ||||
| CVE-2005-4815 | 1 Sap | 1 Sap R 3 | 2026-04-16 | N/A |
| SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln." | ||||
| CVE-2005-4817 | 1 Tmsnc | 1 Tmsnc | 2026-04-16 | N/A |
| Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function. | ||||
| CVE-2006-0055 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable filenames and does not confirm which file is being written, which allows local users to overwrite arbitrary files via a symlink attack when ee invokes ispell. | ||||
| CVE-2006-0065 | 1 Vego | 1 Vego Web Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in (1) functions.php, (2) functions_update.php, and (3) functions_display.php in VEGO Web Forum 1.26 and earlier allows remote attackers to execute arbitrary SQL commands via the theme_id parameter in index.php. | ||||
| CVE-2006-0102 | 1 Ralph Capper | 1 Tinyphpforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and earlier allows remote attackers to inject arbitrary web script via a javascript: scheme in an "[a]" bbcode tag, possibly the txt parameter to action.php. | ||||
| CVE-2006-0348 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0422 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | ||||
| CVE-2006-0441 | 1 Karjasoft | 1 Sami Ftp Server | 2026-04-16 | N/A |
| Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | ||||
| CVE-2006-0484 | 1 Elido | 1 Face Control | 2026-04-16 | N/A |
| Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p. | ||||
| CVE-2006-0475 | 1 Theworldsend.net | 1 Php-ping | 2026-04-16 | N/A |
| PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter. | ||||
| CVE-2006-0644 | 1 Cpg-nuke | 1 Dragonfly Cms | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in install.php in CPG-Nuke Dragonfly CMS (aka CPG Dragonfly CMS) 9.0.6.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in (1) the newlang parameter and (2) the installlang parameter in a cookie, as demonstrated by using error.php to insert malicious code into a log file, or uploading a malicious .png file, which is then included using install.php. | ||||