Total
29932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1087 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2026-04-16 | N/A |
| Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. | ||||
| CVE-2006-1510 | 1 Microsoft | 1 .net Framework | 2026-04-16 | N/A |
| Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method. | ||||
| CVE-2006-4556 | 2 Joomla, Mambo | 2 Jim Component, Jim Component | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE: another researcher has stated that the product distribution does not include an index.php file. Also, this might be related to CVE-2006-4242 | ||||
| CVE-2006-1518 | 2 Mysql, Oracle | 2 Mysql, Mysql | 2026-04-16 | N/A |
| Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | ||||
| CVE-2004-1113 | 1 Sqlgrey | 1 Sqlgrey Postfix Greylisting Service | 2026-04-16 | N/A |
| SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. | ||||
| CVE-2006-1529 | 1 Mozilla | 3 Firefox, Seamonkey, Thunderbird | 2026-04-16 | N/A |
| Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different. | ||||
| CVE-2006-3519 | 1 Native Solutions | 1 The Banner Engine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin parameter to (b) signup.php. | ||||
| CVE-2002-1944 | 1 Motorola | 1 Surfboard | 2026-04-16 | N/A |
| Motorola Surfboard 4200 cable modem allows remote attackers to cause a denial of service (crash) by performing a SYN scan using a tool such as nmap. | ||||
| CVE-2006-1533 | 1 Sourceworkshop | 1 Newsletter | 2026-04-16 | N/A |
| SQL injection vulnerability in newsletter.php in Sourceworkshop newsletter 1.0 allows remote attackers to execute arbitrary SQL commands via the newsletteremail parameter. | ||||
| CVE-2002-1971 | 1 Sourcecraft | 1 Networking Utils | 2026-04-16 | N/A |
| The ping utility in networking_utils.php in Sourcecraft Networking_Utils 1.0 allows remote attackers to read arbitrary files via shell metacharacters in the Domain name or IP address argument. | ||||
| CVE-2002-1972 | 1 Sebastian Dehne | 1 Pp Powerswitch | 2026-04-16 | N/A |
| Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch) 0.1 does not properly enforce access controls, which allows local users to access arbitrary ports. | ||||
| CVE-2006-1535 | 1 Phoetux.net | 1 Phxcontacts | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net PhxContacts 0.93.1 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the m parameter. | ||||
| CVE-2005-0014 | 1 Ncpfs | 1 Ncpfs | 2026-04-16 | N/A |
| Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. | ||||
| CVE-2006-3529 | 1 Juniper | 1 Junos | 2026-04-16 | N/A |
| Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. | ||||
| CVE-2005-0018 | 1 F2c Open Source Project | 1 F2c Translator | 2026-04-16 | N/A |
| The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-1149 | 1 Broadcom | 1 Etrust Ez Antivirus | 2026-04-16 | N/A |
| Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | ||||
| CVE-2006-3543 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php; the id parameter in a (3) Attach and (4) ref action in index.php; the CODE parameter in a (5) Profile, (6) Login, and (7) Help action in index.php; and the (8) member_id parameter in coins_list.php. NOTE: the developer has disputed this issue, stating that the "CODE attribute is never present in an SQL query" and the "'ketqua' [action] and file 'coin_list.php' are not standard IPB 2.x features". It is unknown whether these vectors are associated with an independent module or modification of IPB | ||||
| CVE-2002-1984 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046". | ||||
| CVE-2006-3548 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen). | ||||
| CVE-2006-3565 | 1 Hivemail | 1 Hivemail | 2026-04-16 | N/A |
| SQL injection vulnerability in search.results.php in HiveMail 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the fields[] parameter. | ||||