Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4447 1 X.org 9 Emu-linux-x87-xlibs, X11r6, X11r7 and 6 more 2026-04-16 N/A
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
CVE-2005-3920 1 Babe Logger 1 Babe Logger 2026-04-16 N/A
SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php.
CVE-2005-3944 1 Faq System 1 Faq System 2026-04-16 N/A
SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter.
CVE-2005-4006 1 Redgraphic 1 Sapid Cms 2026-04-16 N/A
SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to the usr/system files (1) insert_file.php, (2) insert_image.php, (3) insert_link.php, (4) insert_qcfile.php, and (5) edit.php.
CVE-2005-4014 1 Php Web 1 Statistik 2026-04-16 N/A
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value.
CVE-2005-4019 1 Relative Real Estate Systems 1 Relative Real Estate Systems 2026-04-16 N/A
SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.
CVE-2005-4031 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function.
CVE-2006-2548 2 Perlpodder, Prodder 2 Perlpodder, Prodder 2026-04-16 N/A
Prodder before 0.5, and perlpodder before 0.5, allows remote attackers to execute arbitrary code via shell metacharacters in the URL of a podcast (url attribute of an enclosure tag, or $enc_url variable), which is executed when running wget.
CVE-2005-4042 1 Mr. Cgi Guy 1 Warm Links 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.
CVE-2005-3701 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
CVE-2005-3700 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors.
CVE-2005-3694 1 Centericq 1 Centericq 2026-04-16 N/A
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
CVE-2005-3677 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
CVE-2006-2385 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted web page that triggers memory corruption when it is saved as a multipart HTML (.mht) file.
CVE-2006-2380 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
CVE-2005-3640 1 Floosietek 1 Ftgate 2026-04-16 N/A
Multiple buffer overflows in the IMAP Groupware Mail server of Floosietek FTGate (FTGate4) 4.1 allow remote attackers to execute arbitrary code via long arguments to various IMAP commands, as demonstrated with the EXAMINE command.
CVE-2005-3586 1 Mambo 1 Mambo 2026-04-16 N/A
content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error.
CVE-2005-2953 1 Miva 1 Miva Merchant 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
CVE-2005-2957 1 Avira 1 Desktop 2026-04-16 N/A
Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
CVE-2005-2969 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Network Satellite and 1 more 2026-04-16 N/A
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.