Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1652 1 Woppoware 1 Postmaster 2025-04-03 N/A
message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter.
CVE-2006-2169 1 Best Practical Solutions 1 Request Tracker 2025-04-03 N/A
RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message.
CVE-2005-1653 1 Woppoware 1 Postmaster 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2006-2177 1 Bitdamaged 1 Geoblog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-2186 1 Zenphoto 1 Zenphoto 2025-04-03 N/A
zenphoto 1.0.1 beta and earlier allow remote attackers to obtain sensitive information via a direct request for the (1) /photos/themes/default/ and (2) /photos/themes/testing/ URIs, which reveals the path in an error message.
CVE-2006-2187 1 Zenphoto 1 Zenphoto 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php.
CVE-2006-2189 1 Servous 1 Sblog 2025-04-03 N/A
SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135.
CVE-2006-2196 1 Jochen Friedrich 1 Pinball 2025-04-03 N/A
Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.
CVE-2005-1662 1 Jeuce 1 Jeuce Personal Web Server 2025-04-03 N/A
Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2006-2237 1 Awstats 1 Awstats 2025-04-03 N/A
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
CVE-2006-2226 1 Dxmsoft 1 Xm Easy Personal Ftp Server 2025-04-03 N/A
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
CVE-2005-1663 1 Jeuce 1 Jeuce Personal Web Server 2025-04-03 N/A
Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://".
CVE-2006-2234 1 Tyrocms 1 Tyrocms 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) a javascript URI in an img BBCode tag, or a JavaScript event in a (2) url BBCode tag or (3) color BBCode tag.
CVE-2006-2233 1 Banktown 1 Btcxctl20com Activex Control 2025-04-03 N/A
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBannerUrl. NOTE: portions of these details are obtained from third party information.
CVE-2005-1670 1 Extremenetworks 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos 2025-04-03 N/A
Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.
CVE-2006-2244 1 Web4future 1 News Portal 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Web4Future News Portal allow remote attackers to execute arbitrary SQL commands via the ID parameter to (1) comentarii.php or (2) view.php.
CVE-2006-2246 1 Uapplication 1 Ublog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition allows remote attackers to inject arbitrary web script or HTML via text fields when adding a blog entry.
CVE-2006-2247 1 Webcalendar 1 Webcalendar 2025-04-03 N/A
WebCalendar 1.0.1 to 1.0.3 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
CVE-2006-2254 1 Intervations 1 Filecopa 2025-04-03 N/A
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
CVE-2005-1671 1 Yahoo 1 Messenger 2025-04-03 N/A
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.