Export limit exceeded: 348081 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1089 | 1 Dc\+\+ | 1 Dc\+\+ | 2026-04-16 | N/A |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | ||||
| CVE-2005-1097 | 1 Rebrand | 1 P2p Share Spy | 2026-04-16 | N/A |
| Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges. | ||||
| CVE-2005-1098 | 1 Runtime Software | 1 Getdataback For Ntfs | 2026-04-16 | N/A |
| GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. | ||||
| CVE-2006-0576 | 2 Maynard Johnson, Redhat | 2 Oprofile, Enterprise Linux | 2026-04-16 | N/A |
| Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. | ||||
| CVE-2006-0590 | 1 Jaia Interactive | 1 Mytopix | 2026-04-16 | N/A |
| MyTopix 1.2.3 allows remote attackers to obtain the installation path via an invalid hl parameter to index.php, which leads to path disclosure, possibly related to invalid SQL syntax. | ||||
| CVE-2006-0614 | 1 Sun | 3 Jdk, Jre, Sdk | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and earlier, SDK and JRE 1.3.x through 1.3.1_16 and 1.4.x through 1.4.2_08 allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "first issue." | ||||
| CVE-2006-2670 | 1 Calendarscripts.com | 1 Chatpat | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. | ||||
| CVE-2006-0616 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and earlier allows remote attackers to bypass Java sandbox security and obtain privileges via unspecified vectors involving the reflection APIs, aka the "fourth issue." | ||||
| CVE-2005-1132 | 1 Lg Electronics | 1 Lg Mobile Phone | 2026-04-16 | N/A |
| LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | ||||
| CVE-2006-0666 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels in IBM AIX 5.3 VRMF 5.3.0.30 through 5.3.0.33 allows local users to cause a denial of service (system crash) via unknown vectors related to EMULATE_VMX. | ||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2026-04-16 | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2006-2682 | 1 Back-end | 1 Back-end Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. | ||||
| CVE-2005-1264 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589. | ||||
| CVE-2005-1332 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory. | ||||
| CVE-2006-0714 | 1 Flyspray | 1 Flyspray | 2026-04-16 | N/A |
| Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the adodbpath parameter. | ||||
| CVE-2005-1350 | 1 Leif M. Wright | 1 Ad.cgi | 2026-04-16 | N/A |
| The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2006-2688 | 1 Achievo | 1 Achievo | 2026-04-16 | N/A |
| SQL injection vulnerability in the employees node (class.employee.inc) in Achievo 1.1.0 and earlier and 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the atkselector parameter. | ||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | ||||
| CVE-2005-1352 | 1 Leif M. Wright | 1 Ad.cgi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | ||||
| CVE-2005-1357 | 1 Text.cgi | 1 Text.cgi | 2026-04-16 | N/A |
| text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||