Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3866 | 1 Wwwsearchsolutions | 1 Searchfeed Search Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search. | ||||
| CVE-2006-4081 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000. | ||||
| CVE-2005-0240 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message. | ||||
| CVE-2006-0461 | 1 Pmachine | 1 Expressionengine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer). | ||||
| CVE-2004-1494 | 1 Kingsoft | 1 Xdict | 2026-04-16 | N/A |
| Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string. | ||||
| CVE-2005-3874 | 1 Weaverslave | 1 Netzbrett | 2026-04-16 | N/A |
| SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php. | ||||
| CVE-2006-0472 | 1 My Little Homepage | 1 My Little Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php in my little homepage my little guestbook, as last modified in March 2004, allows remote attackers to inject arbitrary Javascript via a javascript URI in BBcode link tags. | ||||
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2026-04-16 | N/A |
| SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | ||||
| CVE-2005-0390 | 1 Axel | 1 Axel | 2026-04-16 | N/A |
| Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code. | ||||
| CVE-2006-0479 | 1 Pmwiki | 1 Pmwiki | 2026-04-16 | N/A |
| pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS). | ||||
| CVE-2006-4120 | 1 Drupal | 2 Drupal, Recipe Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Recipe module (recipe.module) before 1.54 for Drupal 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2004-1500 | 2 Freeform Interactive, Monolith Productions | 11 Purge Jihad, Alien Versus Predator, Blood and 8 more | 2026-04-16 | N/A |
| Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message. | ||||
| CVE-2005-1358 | 1 Text.cgi | 1 Text.cgi | 2026-04-16 | N/A |
| text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | ||||
| CVE-2006-0508 | 1 Easy Cms | 1 Easy Cms | 2026-04-16 | N/A |
| Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory. | ||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | ||||
| CVE-1999-0855 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflow in FreeBSD gdc program. | ||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | ||||
| CVE-2005-0460 | 1 Mercuryboard | 1 Mercuryboard | 2026-04-16 | N/A |
| index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | ||||
| CVE-2004-1506 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. | ||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2026-04-16 | N/A |
| The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | ||||