Search

Search Results (164303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2018-25253 1 Compuphase 1 Termite 2026-04-27 6.2 Medium
Termite 3.4 contains a buffer overflow vulnerability in the User interface language settings field that allows local attackers to cause a denial of service by supplying an excessively long string. Attackers can paste a 2000-byte payload into the Settings User interface language field to crash the application.
CVE-2018-25256 1 Ks-soft 2 Ip-tools, Ip Tools 2026-04-27 5.5 Medium
IP TOOLS 2.50 contains a local buffer overflow vulnerability in the SNMP Scanner component that allows local attackers to crash the application by supplying oversized input. Attackers can paste malicious data into the 'From Addr' and 'To Addr' fields and trigger the crash by clicking the Start button, causing denial of service and SEH overwrite.
CVE-2018-25293 1 Mersenne 1 Prime95 2026-04-27 6.2 Medium
Prime95 29.4b7 contains a buffer overflow vulnerability in the PrimeNet connection dialog that allows local attackers to crash the application by supplying an excessively long string in the optional proxy password field. Attackers can trigger a denial of service by entering a 6000-byte payload into the proxy password parameter, causing the application to crash when processing the connection settings.
CVE-2006-3271 1 Softbizscripts 1 Dating Script 2026-04-24 N/A
Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow remote attackers to execute SQL commands via the (1) country and (2) sort_by parameters in (a) search_results.php; (3) browse parameter in (b) featured_photos.php; (4) cid parameter in (c) products.php, (d) index.php, and (e) news_desc.php.
CVE-2006-1660 1 Softbizscripts 1 Image Gallery Script 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz Image Gallery allows remote attackers to inject arbitrary web script or HTML via msg parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2006-1659 1 Softbizscripts 1 Image Gallery Script 2026-04-24 N/A
Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in image_desc.php, (2) provided parameter in template.php, (3) cid parameter in suggest_image.php, (4) img_id parameter in insert_rating.php, and (5) cid parameter in images.php.
CVE-2005-3938 1 Softbizscripts 1 Faq Script 2026-04-24 N/A
SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.
CVE-2005-3879 1 Softbizscripts 1 Resource Repository Script 2026-04-24 N/A
Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.
CVE-2016-7119 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element.
CVE-2015-2794 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
CVE-2015-1566 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2013-7335 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2013-4649 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to inject arbitrary web script or HTML via the __dnnVariable parameter to the default URI.
CVE-2013-3943 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Display Name field in the Manage Profile.
CVE-2012-1036 2 Dnnsoftware, Dotnetnuke 2 Dotnetnuke, Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in the telerik HTML editor in DotNetNuke before 5.6.4 and 6.x before 6.1.0 allows remote attackers to inject arbitrary web script or HTML via a message.
CVE-2012-1030 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through 6.0.2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted URL containing text that is used within a modal popup.
CVE-2010-4514 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter. NOTE: some of these details are obtained from third party information.
CVE-2009-4110 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page.
CVE-2009-4109 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information.
CVE-2009-1366 1 Dnnsoftware 1 Dotnetnuke 2026-04-24 N/A
Cross-site scripting (XSS) vulnerability in Website\admin\Sales\paypalipn.aspx in DotNetNuke (DNN) before 4.9.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "name/value pairs" and "paypal IPN functionality."