Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0531 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.
CVE-2006-0474 1 Shareaza 1 Shareaza 2026-04-16 N/A
Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.
CVE-2006-0475 1 Theworldsend.net 1 Php-ping 2026-04-16 N/A
PHP-Ping 1.3 does not properly validate ping counts, which allows remote attackers to cause a denial of service (ping flood) via a negative count parameter.
CVE-2006-3807 2 Mozilla, Redhat 4 Firefox, Seamonkey, Thunderbird and 1 more 2026-04-16 N/A
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code via script that changes the standard Object() constructor to return a reference to a privileged object and calling "named JavaScript functions" that use the constructor.
CVE-2006-3840 1 Iss 10 Blackice Pc Protection, Blackice Server Protection, Proventia A Series Xpu and 7 more 2026-04-16 N/A
The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.
CVE-2006-3819 1 Twiki 1 Twiki 2026-04-16 N/A
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".
CVE-2006-0477 1 Git 1 Git 2026-04-16 N/A
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
CVE-2005-0574 1 Cupidsystems 1 Cis Webserver 2026-04-16 N/A
Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.
CVE-2006-3873 1 Microsoft 4 Ie, Windows 2000, Windows 2003 Server and 1 more 2026-04-16 N/A
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
CVE-2006-0497 1 Php Gen 1 Php Gen 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow remote attackers to inject arbitrary SQL commands via unknown attack vectors.
CVE-2006-3908 1 Gillius Programming 1 Game Networking Engine 2026-04-16 N/A
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string specifiers in unspecified vectors involving output to the gout console.
CVE-2006-3910 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
CVE-2006-3911 1 Php Live 1 Php Live 2026-04-16 N/A
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php.
CVE-2006-3912 1 Rarlab 1 Winrar 2026-04-16 N/A
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
CVE-2006-3914 1 Blackboard 1 Blackboard Academic Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
CVE-2005-0620 1 Bfriendly.com 1 Einstein 2026-04-16 N/A
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
CVE-2006-3920 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
CVE-2006-3939 1 Scriptscenter 1 Ezupload Pro 2026-04-16 N/A
ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform administrative activities without authentication in (1) filter.php, which permits changing the Extensions Mode file type; (2) access.php, which permits changing the Protection Method; (3) edituser.php, which permits adding upload capabilities to user accounts; (4) settings.php, which permits changing the admin information; and (5) index.php, which permits uploading of arbitrary files.
CVE-2006-3926 1 Php Pro Bid 1 Php Pro Bid 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
CVE-2006-3929 1 Zyxel 1 Prestige 660h-61 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40(PT.0)b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter.