Total
29930 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3628 | 2 Redhat, Xpdf | 2 Enterprise Linux, Xpdf | 2026-04-16 | N/A |
| Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | ||||
| CVE-2005-3629 | 1 Redhat | 1 Enterprise Linux | 2026-04-16 | N/A |
| initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. | ||||
| CVE-2006-4109 | 1 Drupal | 1 Bibliography Module | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Bibliography (biblio.module) 4.6 before revision 1.1.1.1.4.11 and 4.7 before revision 1.13.2.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2026-04-16 | N/A |
| HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | ||||
| CVE-2006-4116 | 1 Lhaz | 1 Lhaz | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message. | ||||
| CVE-2006-4118 | 1 Chaossoft | 1 Geheimchaos | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Temp_entered_login or (2) Temp_entered_email parameters to (a) gc.php, and in multiple parameters in (b) include/registrieren.php, possibly involving the (3) $form_email, (4) $form_vorname, (5) $form_nachname, (6) $form_strasse, (7) $form_plzort, (8) $form_land, (9) $form_homepage, (10) $form_bildpfad, (11) $form_profilsichtbar, (12) $Temp_sprache, (13) $form_tag, (14) $form_monat, (15) $form_jahr, (16) $Temp_akt_string, (17) $form_icq, (18) $form_msn, (19) $form_yahoo, (20) $form_username, and (21) $Temp_form_pass variables. | ||||
| CVE-2006-4119 | 1 Chaossoft | 1 Geheimchaos | 2026-04-16 | N/A |
| SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier allows remote attackers to execute arbitrary SQL commands via the Temp_entered_password parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. | ||||
| CVE-2006-4122 | 1 Simple One-file Guestbook | 1 Simple One-file Guestbook | 2026-04-16 | N/A |
| Simple one-file guestbook 1.0 and earlier allows remote attackers to bypass authentication and delete guestbook entries via a modified id parameter to guestbook.php. | ||||
| CVE-2006-4123 | 1 Boite De News | 1 Boite De News | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in boitenews4/index.php in Boite de News 4.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the url_index parameter. | ||||
| CVE-2006-4125 | 1 Dconnect | 1 Dconnect Daemon | 2026-04-16 | N/A |
| Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function. | ||||
| CVE-2005-3654 | 1 Bluecoat | 1 Webproxy | 2026-04-16 | N/A |
| Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap. | ||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2026-04-16 | N/A |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | ||||
| CVE-2006-4128 | 1 Symantec Veritas | 1 Backup Exec | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec for Netware Server Remote Agent for Windows Server 9.1 and 9.2 (all builds), Backup Exec Continuous Protection Server Remote Agent for Windows Server 10.1 (builds 10.1.325.6301, 10.1.326.1401, 10.1.326.2501, 10.1.326.3301, and 10.1.327.401), and Backup Exec for Windows Server and Remote Agent 9.1 (build 9.1.4691), 10.0 (builds 10.0.5484 and 10.0.5520), and 10.1 (build 10.1.5629) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RPC message. | ||||
| CVE-2005-3657 | 1 Mcafee | 2 Mcinsctl.dll, Virusscan Security Center | 2026-04-16 | N/A |
| The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object. | ||||
| CVE-2006-4129 | 1 Joomla | 1 Webring Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in admin.webring.docs.php in the Webring Component (com_webring) 1.0 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the component_dir parameter. | ||||
| CVE-2006-4132 | 1 Arcsoft | 1 Mms Composer | 2026-04-16 | N/A |
| ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and possibly earlier, allow remote attackers to cause a denial of service (resource exhaustion and application crash) via WAPPush messages to UDP port UDP 2948. | ||||
| CVE-2005-3664 | 2 F-secure, Kaspersky Lab | 3 F-secure Anti-virus, Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2026-04-16 | N/A |
| Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | ||||
| CVE-2005-3665 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | ||||
| CVE-2005-3669 | 1 Cisco | 8 Adaptive Security Appliance Software, Firewall Services Module, Ios and 5 more | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in the Internet Key Exchange version 1 (IKEv1) implementation in multiple Cisco products allow remote attackers to cause a denial of service (device reset) via certain malformed IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Cisco advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2006-4137 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server before 6.1.0.1 allows attackers to obtain sensitive information via unspecified vectors related to (1) the log file, (2) "script generated syntax on wsadmin command line," and (3) traces. | ||||