Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3344 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | ||||
| CVE-2006-4796 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums 2000 3.4.06 allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter (strtopicsortord variable). | ||||
| CVE-2005-3345 | 1 Rssh | 1 Rssh | 2026-04-16 | N/A |
| rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. | ||||
| CVE-2006-4023 | 1 Php | 1 Php | 2026-04-16 | N/A |
| The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner. | ||||
| CVE-2006-4797 | 1 Cj Design | 1 Cj Tag Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in tag.php in CloudNine Interactive CJ Tag Board 3.0 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a url BBcode tag in the cjmsg parameter. | ||||
| CVE-2006-4025 | 1 Xennobb | 1 Xennobb | 2026-04-16 | N/A |
| SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section. | ||||
| CVE-2006-4798 | 1 Dws Systems Inc. | 1 Sql-ledger | 2026-04-16 | N/A |
| SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. | ||||
| CVE-2006-2532 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an invalid value that prevents some variables from being set. | ||||
| CVE-2006-4034 | 1 Moderngigabyte | 1 Modernbill | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in include/html/config.php in ModernGigabyte ModernBill 1.6 allows remote attackers to execute arbitrary PHP code via a URL in the DIR parameter. | ||||
| CVE-2006-4799 | 1 Xine | 1 Xine-lib | 2026-04-16 | N/A |
| Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow context-dependent attackers to execute arbitrary code via a crafted AVI file and "bad indexes", a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2006-4036 | 1 Zonemetrics | 1 Zonex Publishers Gold Edition | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/usercp_register.php in ZoneMetrics ZoneX Publishers Gold Edition 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2006-4800 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-16 | N/A |
| Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802. | ||||
| CVE-2006-2533 | 1 Greg Donald | 1 Destiney Rated Images Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. | ||||
| CVE-2005-3350 | 2 Libungif, Redhat | 2 Libungif, Enterprise Linux | 2026-04-16 | N/A |
| libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write. | ||||
| CVE-2006-2534 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories. | ||||
| CVE-2005-3351 | 2 Apache, Redhat | 2 Spamassassin, Enterprise Linux | 2026-04-16 | N/A |
| SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | ||||
| CVE-2006-4802 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than CVE-2006-3454, a "second format string vulnerability" as found by the vendor. | ||||
| CVE-2006-2536 | 1 Greg Donald | 1 Destiney Links Script | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields. | ||||
| CVE-2005-3356 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors. | ||||
| CVE-2006-4803 | 1 Netiq | 1 Identity Manager | 2026-04-16 | N/A |
| The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection." | ||||