Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0356 1 Ari Pikivirta 1 Home Ftp Server 2026-04-16 N/A
Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command.
CVE-2005-0185 1 Mnet Soft Factory 1 Nodemanager Professional 2026-04-16 N/A
Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field.
CVE-2006-0357 1 Grant Averett 1 Cerberus Ftp Server 2026-04-16 N/A
Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.
CVE-2006-2687 1 Agtc Websolutions 1 Php-agtc Membership System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address (useremail parameter).
CVE-2005-0186 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port.
CVE-2006-0358 1 Powerportal 1 Powerportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-2005-0187 1 Athoc 1 Athoc Toolbar 2026-04-16 N/A
Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name.
CVE-2005-0188 1 Athoc 1 Athoc Toolbar 2026-04-16 N/A
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
CVE-2006-0360 1 Mpm 1 Hp-180w Voip Wifi Phone 2026-04-16 N/A
MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2005-0190 1 Realnetworks 2 Realone Player, Realplayer 2026-04-16 N/A
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
CVE-2006-0361 1 Bit 5 Blog 1 Bit 5 Blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in the comment parameter, which strips most tags but not <a>.
CVE-2005-0198 2 Redhat, University Of Washington 2 Enterprise Linux, Uw-imap 2026-04-16 N/A
A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.
CVE-2005-0206 15 Ascii, Cstex, Debian and 12 more 22 Ptex, Cstetex, Debian Linux and 19 more 2026-04-16 N/A
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2006-0363 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords via a program that calls CryptUnprotectData, as demonstrated by the "MSN Password Recovery.exe" program. NOTE: it could be argued that local-only password recovery is inherently insecure because the decryption methods and keys must be stored somewhere on the local system, and are thus inherently accessible with varying degrees of effort. Perhaps this issue should not be included in CVE.
CVE-2006-3652 1 Microsoft 1 Isa Server 2026-04-16 N/A
Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
CVE-2006-3653 1 Microsoft 1 Works 2026-04-16 N/A
wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted (1) Works, (2) Excel, and (3) Lotus 1-2-3 files.
CVE-2005-0214 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
CVE-2005-0215 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
CVE-2006-0365 1 Xmb Software 1 Xmb Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element.
CVE-2006-3654 1 Microsoft 1 Works 2026-04-16 N/A
Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote attackers to cause a denial of service (CPU consumption or crash) via crafted Excel files.