Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2369 2 Ekg, Redhat 2 Ekg, Enterprise Linux 2026-04-16 N/A
Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.
CVE-2006-1657 1 Chucky A. Ivey 1 N.t. 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page.
CVE-2006-4369 1 Integramod 1 Integramod Portal 2026-04-16 N/A
Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter.
CVE-2006-1658 1 Chucky A. Ivey 1 N.t. 2026-04-16 N/A
Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts.
CVE-2006-4370 1 Alt-n 1 Webadmin 2026-04-16 N/A
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
CVE-2006-1664 1 Xine 1 Xine-lib 2026-04-16 N/A
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
CVE-2006-4371 1 Alt-n 1 Webadmin 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm.
CVE-2005-2372 1 Oracle 1 Forms 2026-04-16 N/A
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
CVE-2006-1671 1 Cisco 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more 2026-04-16 N/A
Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558.
CVE-2006-4372 1 Constructor Component 1 Constructor Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
CVE-2005-2373 1 Whitsoft Development 1 Slimftpd 2026-04-16 N/A
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
CVE-2006-1681 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
CVE-2006-4373 1 Derek Leung 1 Pslash 2026-04-16 N/A
PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter.
CVE-2005-2374 1 Belkin 1 Belkin 54g Wireless Router 2026-04-16 N/A
Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces.
CVE-2006-1685 1 Apt 1 Apt-webshop-system 2026-04-16 N/A
Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.
CVE-2006-4374 1 Irfanview 1 Irfanview 2026-04-16 N/A
IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow.
CVE-2005-2375 1 Codemasters 1 Toca Race Driver 2026-04-16 N/A
Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message.
CVE-2006-4375 1 Mambo 1 Contacts Xtd Component 2026-04-16 N/A
PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined
CVE-2005-2376 1 Codemasters 1 Toca Race Driver 2026-04-16 N/A
Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message.
CVE-2006-1692 1 Manic Web 1 Mwnewsletter 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis.