Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363061 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2841 1 Cisco 1 Ios 2026-04-16 N/A
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials.
CVE-2006-2086 1 Juniper 1 Junipersetup Control 2026-04-16 N/A
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1 before 5.1r8, 5.2 before 5.2r4.1, or 5.3 before 5.3r2.1, allows remote attackers to execute arbitrary code via a long argument in the ProductName parameter.
CVE-2006-4548 1 E107 1 E107 2026-04-16 N/A
e107 0.75 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary PHP code via the tinyMCE_imglib_include image/jpeg parameter in e107_handlers/tiny_mce/plugins/ibrowser/ibrowser.php, as demonstrated by a multipart/form-data request. NOTE: it could be argued that this vulnerability is due to a bug in the unset PHP command (CVE-2006-3017) and the proper fix should be in PHP; if so, then this should not be treated as a vulnerability in e107.
CVE-2005-2842 1 Dameware Development 1 Mini Remote Control Server 2026-04-16 N/A
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username.
CVE-2006-2101 1 Winiso Computing 1 Winiso 2026-04-16 N/A
Directory traversal vulnerability in WinISO 5.3 allows remote attackers to write arbitrary files via a .. (dot dot) in a filename in an ISO image.
CVE-2006-4549 1 Chxo 1 Feedsplitter 2026-04-16 N/A
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.
CVE-2005-2843 1 Helpdesk Software 1 Hesk 2026-04-16 N/A
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
CVE-2006-4550 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.
CVE-2005-2844 1 Indiatimes Messenger 1 Indiatimes Messenger 2026-04-16 N/A
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
CVE-2005-2845 1 Ariba 1 Ariba Spend Management Solutions 2026-04-16 N/A
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
CVE-2006-2119 1 Artmedic Webdesign 1 Artmedic Event 2026-04-16 N/A
PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.
CVE-2006-4551 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.
CVE-2005-2846 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
CVE-2006-2120 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
CVE-2005-2847 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2006-4552 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.
CVE-2005-2848 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-2005-2849 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
CVE-2006-2124 1 Turnkey Solutions 1 Sunshop Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.
CVE-2006-2127 1 Blog Mod 1 Blog Mod 2026-04-16 N/A
SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.