Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2501 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
CVE-2006-3480 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.10 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters involving the (1) getUserStateFromRequest function, and the (2) SEF and (3) com_messages modules.
CVE-2003-0156 1 Cross Referencer 1 Lxr 2026-04-16 N/A
Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.
CVE-2005-0455 2 Realnetworks, Redhat 4 Realone Player, Realplayer, Enterprise Linux and 1 more 2026-04-16 N/A
Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
CVE-2005-2522 1 Apple 2 Mac Os X, Safari 2026-04-16 N/A
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVE-2003-0169 1 Hp 1 Instant Toptools 2026-04-16 N/A
hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before 5.55 allows remote attackers to cause a denial of service (CPU consumption) via a request to hpnst.exe that calls itself, which causes an infinite loop.
CVE-2005-0463 1 Inl 1 Ulog-php 2026-04-16 N/A
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.
CVE-2003-0179 1 Ibm 2 Lotus Domino Web Server, Lotus Notes Client 2026-04-16 N/A
Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.
CVE-2003-0214 1 Debian 1 Mime-support 2026-04-16 N/A
run-mailcap in mime-support 3.22 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2006-3493 1 Microsoft 1 Office 2026-04-16 N/A
Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
CVE-2005-2532 1 Openvpn 1 Openvpn 2026-04-16 N/A
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
CVE-2006-3498 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
CVE-2006-3505 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML document that causes WebKit to access an object that has already been deallocated.
CVE-2005-0491 1 Knox Software 1 Arkeia Server Backup 2026-04-16 N/A
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
CVE-2005-0494 1 Thomson 1 Thomson Cable Modem 2026-04-16 N/A
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
CVE-2005-2559 1 E107 1 E107 2026-04-16 N/A
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function.
CVE-2005-0501 1 Digipen Institute Of Technology 1 Bontago 2026-04-16 N/A
Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVE-2006-3514 1 Phpblogger 1 Php-blogger 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin/actions.php in PHP-Blogger 2.2.5, and possibly earlier versions, allow remote attackers to execute arbitrary web script or HTML via the (1) name, (2) title, (3) news, (4) description, and (5) sitename parameters.
CVE-2003-0261 1 Fuzz 1 Fuzz 2026-04-16 N/A
fuzz 0.6 and earlier creates temporary files insecurely, which could allow local users to gain root privileges.
CVE-2006-3516 1 Freehost 1 Freehost 2026-04-16 N/A
Multiple SQL injection vulnerabilities in FreeHost allow remote attackers to execute arbitrary SQL commands via (1) readme parameter to FreeHost/misc.php or (2) index parameter to FreeHost/news.php.