Export limit exceeded: 346069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2452 | 1 Libtiff | 1 Libtiff | 2026-04-16 | N/A |
| libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. | ||||
| CVE-2005-2457 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system. | ||||
| CVE-2006-1000 | 1 G2soft | 1 Pentacle In-out Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp. | ||||
| CVE-2005-2459 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-16 | N/A |
| The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. | ||||
| CVE-2006-1002 | 1 Netgear | 1 Wgt624 | 2026-04-16 | N/A |
| NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. | ||||
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2026-04-16 | N/A |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | ||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2006-1012 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. | ||||
| CVE-2005-2484 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2026-04-16 | N/A |
| Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code. | ||||
| CVE-2006-2306 | 1 Keyvan Janghorbani | 1 Epublisherpro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-2485 | 1 Logicampus | 1 Logicampus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2006-2307 | 1 Website Baker | 1 Website Baker | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Website Baker CMS before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a user display name. | ||||
| CVE-2005-2492 | 3 Canonical, Linux, Redhat | 3 Ubuntu Linux, Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. | ||||
| CVE-2005-2503 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window. | ||||
| CVE-2005-2504 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid. | ||||
| CVE-2005-2510 | 1 Apple | 1 Mac Os X Server | 2026-04-16 | N/A |
| The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator. | ||||
| CVE-2005-2513 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields. | ||||
| CVE-2005-2514 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code. | ||||
| CVE-2005-2516 | 1 Apple | 2 Mac Os X, Safari | 2026-04-16 | N/A |
| Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2005-2520 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. | ||||