Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2369 | 2 Ekg, Redhat | 2 Ekg, Enterprise Linux | 2026-04-16 | N/A |
| Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | ||||
| CVE-2006-1657 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Chucky A. Ivey N.T. 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not filtered when the administrator views the "Login Log" page. | ||||
| CVE-2006-4369 | 1 Integramod | 1 Integramod Portal | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in includes/functions_portal.php in IntegraMOD Portal 2.x and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via an absolute pathname in the phpbb_root_path parameter. | ||||
| CVE-2006-1658 | 1 Chucky A. Ivey | 1 N.t. | 2026-04-16 | N/A |
| Direct static code injection vulnerability in ticker.db.php in Chucky A. Ivey N.T. 1.1.0 allows remote administrators to insert arbitrary PHP code into the config file, which is included other N.T. scripts. | ||||
| CVE-2006-4370 | 1 Alt-n | 1 Webadmin | 2026-04-16 | N/A |
| Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. | ||||
| CVE-2006-1664 | 1 Xine | 1 Xine-lib | 2026-04-16 | N/A |
| Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream. | ||||
| CVE-2006-4371 | 1 Alt-n | 1 Webadmin | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated global administrators to read arbitrary files via a .. (dot dot) in the file parameter to (1) logfile_view.wdm and (2) configfile_view.wdm. | ||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2026-04-16 | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | ||||
| CVE-2006-1671 | 1 Cisco | 5 Ons 15310-cl Series, Ons 15454 Mspp, Ons 15600 and 2 more | 2026-04-16 | N/A |
| Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. | ||||
| CVE-2006-4372 | 1 Constructor Component | 1 Constructor Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. | ||||
| CVE-2005-2373 | 1 Whitsoft Development | 1 Slimftpd | 2026-04-16 | N/A |
| Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands. | ||||
| CVE-2006-1681 | 1 Cherokee | 1 Cherokee Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. | ||||
| CVE-2006-4373 | 1 Derek Leung | 1 Pslash | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in modules/visitors2/include/config.inc.php in pSlash 0.70 allows remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter. | ||||
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2026-04-16 | N/A |
| Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | ||||
| CVE-2006-1685 | 1 Apt | 1 Apt-webshop-system | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid. | ||||
| CVE-2006-4374 | 1 Irfanview | 1 Irfanview | 2026-04-16 | N/A |
| IrfanView 3.98 (with plugins) allows user-assisted attackers to cause a denial of service (application crash) via a crafted ANI image file, possibly due to a buffer overflow. | ||||
| CVE-2005-2375 | 1 Codemasters | 1 Toca Race Driver | 2026-04-16 | N/A |
| Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message. | ||||
| CVE-2006-4375 | 1 Mambo | 1 Contacts Xtd Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in contxtd.class.php in the Contacts XTD (ContXTD) component for Mambo (com_contxtd) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has disputed this issue, saying that the software prevents the attack by checking whether _VALID_MOS is defined | ||||
| CVE-2005-2376 | 1 Codemasters | 1 Toca Race Driver | 2026-04-16 | N/A |
| Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message. | ||||
| CVE-2006-1692 | 1 Manic Web | 1 Mwnewsletter | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information, although it is likely that this was discovered during post-disclosure analysis. | ||||