Export limit exceeded: 361971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361971 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-1316 | 1 Microsoft | 1 Office | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. | ||||
| CVE-2006-3469 | 3 Mysql, Oracle, Redhat | 3 Mysql, Mysql, Enterprise Linux | 2026-04-16 | N/A |
| Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_format function, which is later used in a formatted print call to display the error message. | ||||
| CVE-2006-3468 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Linux kernel 2.6.x, when using both NFS and EXT3, allows remote attackers to cause a denial of service (file system panic) via a crafted UDP packet with a V2 lookup procedure that specifies a bad file handle (inode number), which triggers an error and causes an exported directory to be remounted read-only. | ||||
| CVE-2006-3467 | 2 Freetype, Redhat | 2 Freetype, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861. | ||||
| CVE-2006-1252 | 1 Light Weight Calendar | 1 Light Weight Calendar | 2026-04-16 | N/A |
| Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | ||||
| CVE-2006-3464 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic operations". | ||||
| CVE-2006-1250 | 1 Amax Information Technologies | 1 Winmail | 2026-04-16 | N/A |
| Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. | ||||
| CVE-2006-3463 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value, which triggers an infinite loop. | ||||
| CVE-2006-3461 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2006-1217 | 1 Dsportal | 1 Dspoll | 2026-04-16 | N/A |
| SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | ||||
| CVE-2006-1216 | 1 Runcms | 1 Runcms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2006-3460 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line size (TiffScanLineSize). | ||||
| CVE-2006-3459 | 3 Adobe, Libtiff, Redhat | 3 Acrobat Reader, Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c. | ||||
| CVE-2006-3454 | 1 Symantec | 2 Client Security, Norton Antivirus | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages. | ||||
| CVE-2006-3449 | 1 Microsoft | 1 Powerpoint | 2026-04-16 | N/A |
| Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability." | ||||
| CVE-2005-3621 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts. | ||||
| CVE-2006-3443 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability." | ||||
| CVE-2005-3594 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables. | ||||
| CVE-2005-3592 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. | ||||
| CVE-2005-3591 | 1 Macromedia | 1 Flash Player | 2026-04-16 | N/A |
| Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628. | ||||