Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0711 1 Neomail 1 Neomail 2026-04-16 N/A
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
CVE-2006-4231 1 Irfanview 1 Irfanview 2026-04-16 N/A
IrfanView 3.98 (with plugins) allows remote attackers to cause a denial of service (application crash) via a crafted CUR image file.
CVE-2006-4232 1 Globus 1 Globus Toolkit 2026-04-16 N/A
Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.
CVE-2005-0941 2 Openoffice, Redhat 2 Openoffice, Enterprise Linux 2026-04-16 N/A
The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.
CVE-2005-0942 1 Sybase 1 Adaptive Server Enterprise 2026-04-16 N/A
The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port.
CVE-2006-0712 1 Squishdot 1 Squishdot 2026-04-16 N/A
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.
CVE-2005-0943 1 Cisco 8 Vpn 3000 Concentrator Series Software, Vpn 3002 Hardware Client, Vpn 3005 Concentrator Software and 5 more 2026-04-16 N/A
Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and earlier allows remote attackers to cause a denial of service (device reload or drop user connection) via a crafted HTTPS packet.
CVE-2005-0952 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0961 1 Horde 1 Application Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.
CVE-2006-0713 1 Linpha 1 Linpha 2026-04-16 N/A
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) lang parameter in docs/index.php and the language parameter in (2) install/install.php, (3) install/sec_stage_install.php, (4) install/third_stage_install.php, and (5) install/forth_stage_install.php. NOTE: direct static code injection is resultant from this issue, as demonstrated by inserting PHP code into the username, which is inserted into linpha.log, which is accessible from the directory traversal.
CVE-2005-0966 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
CVE-2005-0969 1 Apple 1 Mac Os X 2026-04-16 N/A
Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.
CVE-2006-0714 1 Flyspray 1 Flyspray 2026-04-16 N/A
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter.
CVE-2006-0715 1 Solucija 1 Snews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
CVE-2005-0975 2 Apple, Opendarwin 3 Mac Os X, Mac Os X Server, Darwin Kernel 2026-04-16 N/A
Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.
CVE-2006-0716 1 Solucija 1 Snews 2026-04-16 N/A
SQL injection vulnerability in index.php in sNews 1.3 allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
CVE-2005-0978 1 Ivt 1 Bluesoleil 2026-04-16 N/A
Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.
CVE-2006-0717 1 Ibm 1 Tivoli Directory Server 2026-04-16 N/A
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.
CVE-2005-0980 1 Alstrasoft 1 Epay 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
CVE-2006-0718 1 Avaya 5 Csu 5000, Vsu 100, Vsu 10000 and 2 more 2026-04-16 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.