Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0907 | 1 Valdersoft | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php. | ||||
| CVE-2005-3970 | 1 Mxchange | 1 Mxchange | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-4272 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Jelsoft vBulletin 3.5.4 allows remote attackers to register multiple arbitrary users and cause a denial of service (resource consumption) via a large number of requests to register.php. NOTE: the vendor has disputed this vulnerability, stating "If you have the CAPTCHA enabled then the registrations wont even go through. ... if you are talking about the flood being allowed in the first place then surely this is something that should be handled at the server level. | ||||
| CVE-2005-0933 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | ||||
| CVE-2005-3971 | 1 Citrix | 2 Metaframe Secure Access Manager, Nfuse | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field. | ||||
| CVE-2006-0657 | 1 Softcomplex | 1 Php Event Calendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the (1) username and (2) password parameters, which are not sanitized before being written to users.php. NOTE: while this issue was originally reported as XSS, the primary issue might be direct static code injection with resultant XSS. | ||||
| CVE-2006-4280 | 1 Mambo | 1 Anjel Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in anjel.index.php in ANJEL (formerly MaMML) Component (com_anjel) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: this issue has been disputed by a third party, who says that $mosConfig_absolute_path is set in a configuration file | ||||
| CVE-2005-0948 | 1 Iatek | 1 Portalapp | 2026-04-16 | N/A |
| SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter. | ||||
| CVE-2005-0949 | 1 Iatek | 1 Portalapp | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. | ||||
| CVE-2006-4283 | 1 Solmetra | 1 Spaw Editor | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. | ||||
| CVE-2005-0950 | 1 Faststone | 1 4in1 Browser | 2026-04-16 | N/A |
| Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL. | ||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2026-04-16 | N/A |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | ||||
| CVE-2005-0968 | 1 Broadcom | 1 Etrust Intrusion Detection | 2026-04-16 | N/A |
| Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API. | ||||
| CVE-2005-0973 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments. | ||||
| CVE-2005-0974 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments. | ||||
| CVE-2005-0971 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments. | ||||
| CVE-2006-4287 | 2 Nes Game, Nes System | 2 Nes Game, Nes System | 2026-04-16 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in NES Game and NES System c108122 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) phphtmllib parameter to (a) phphtmllib/includes.php; tag_utils/ scripts including (b) divtag_utils.php, (c) form_utils.php, (d) html_utils.php, and (e) localinc.php; and widgets/ scripts including (f) FooterNav.php, (g) HTMLPageClass.php, (h) InfoTable.php, (i) localinc.php, (j) NavTable.php, and (k) TextNav.php. | ||||
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | ||||
| CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2006-0681 | 1 Power Daemon | 1 Power Daemon | 2026-04-16 | N/A |
| Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable. | ||||