Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0736 1 Novell 2 Linux Desktop, Open Enterprise Server 2026-04-16 N/A
Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2006-0744 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel before 2.6.16.5 does not properly handle uncanonical return addresses on Intel EM64T CPUs, which reports an exception in the SYSRET instead of the next instruction, which causes the kernel exception handler to run on the user stack with the wrong GS.
CVE-2005-0207 4 Conectiva, Linux, Redhat and 1 more 5 Linux, Linux Kernel, Enterprise Linux and 2 more 2026-04-16 N/A
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.
CVE-2005-0211 3 Debian, Redhat, Squid-cache 3 Debian Linux, Enterprise Linux, Squid 2026-04-16 N/A
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
CVE-2005-0215 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
CVE-2005-0232 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."
CVE-2005-0236 1 Omnigroup 1 Omniweb 2026-04-16 N/A
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2006-4784 1 Moodle 1 Moodle 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.
CVE-2005-0322 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
CVE-2005-0325 1 Techland 1 Xpand Rally 2026-04-16 N/A
Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations.
CVE-2006-4961 1 Blue Dragon 1 Php Blue Dragon 2026-04-16 N/A
SQL injection vulnerability in the GetModuleConfig function in public_includes/pub_kernel/pbd_modules.php in Php Blue Dragon 2.9.1 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter to index.php.
CVE-2005-0328 2 Netgear, Zyxel 3 Rt311, Rt314, Prestige 2026-04-16 N/A
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
CVE-2000-0138 2026-04-16 N/A
A system has a distributed denial of service (DDOS) attack master, agent, or zombie installed, such as (1) Trinoo, (2) Tribe Flood Network (TFN), (3) Tribe Flood Network 2000 (TFN2K), (4) stacheldraht, (5) mstream, or (6) shaft.
CVE-2005-0410 1 Citrusdb 1 Citrusdb 2026-04-16 N/A
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.
CVE-2005-0443 1 Devellion 1 Cubecart 2026-04-16 N/A
index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.
CVE-2005-0504 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Buffer overflow in the MoxaDriverIoctl function for the moxa serial driver (moxa.c) in Linux 2.2.x, 2.4.x, and 2.6.x before 2.6.22 allows local users to execute arbitrary code via a certain modified length value.
CVE-2001-1379 2 Guiseppe Tanzilli And Matthias Eckermann, Redhat 2 Mod Auth Pgsql, Linux 2026-04-16 N/A
The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and (2) mod_auth_pgsql_sys 0.9.4, allow remote attackers to bypass authentication and execute arbitrary SQL via a SQL injection attack on the user name.
CVE-2002-2307 1 Pyramid 1 Benhur Software Update 2026-04-16 N/A
The default configuration of BenHur Firewall release 3 update 066 fix 2 allows remote attackers to access arbitrary services by connecting from source port 20.
CVE-2006-0658 1 Fckeditor 1 Fckeditor 2026-04-16 N/A
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
CVE-2006-0648 1 Php Icalendar 1 Php Icalendar 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.