Total
29918 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1322 | 1 Cisco | 1 Unity Server | 2026-04-16 | N/A |
| Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. | ||||
| CVE-2004-1892 | 1 Emule | 1 Emule | 2026-04-16 | N/A |
| Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | ||||
| CVE-2005-2391 | 1 3com | 1 3crwe454g72 | 2026-04-16 | N/A |
| Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface. | ||||
| CVE-2006-3411 | 1 Tor | 1 Tor | 2026-04-16 | N/A |
| TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys. | ||||
| CVE-2005-1362 | 1 Metalinks | 1 Metacart2 | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp. | ||||
| CVE-2005-2402 | 1 Phpsitesearch | 1 Phpsitesearch | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4688 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | ||||
| CVE-2005-4700 | 1 Tellme | 1 Tellme | 2026-04-16 | N/A |
| TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | ||||
| CVE-2005-1400 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | ||||
| CVE-2006-3376 | 2 Redhat, Wvware | 3 Enterprise Linux, Libwmf, Wv2 | 2026-04-16 | N/A |
| Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file. | ||||
| CVE-2006-2886 | 1 Jam Warehouse | 1 Knowledgetree Open Source | 2026-04-16 | N/A |
| view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter, which displays the path in the resulting error message. NOTE: this might be resultant from another vulnerability, since this vector also produces XSS. | ||||
| CVE-2005-2484 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2026-04-16 | N/A |
| Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code. | ||||
| CVE-2005-4729 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. | ||||
| CVE-2005-4740 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client." | ||||
| CVE-2005-4752 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role. | ||||
| CVE-2005-2542 | 1 Invision Power Services | 1 Invision Board | 2026-04-16 | N/A |
| Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | ||||
| CVE-2005-4762 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges. | ||||
| CVE-2006-3389 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has been disputed by a third party who states that the issue does not leak any target-specific information. | ||||
| CVE-2005-4774 | 1 Xerver | 1 Xerver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | ||||
| CVE-2005-4776 | 1 Netbsd | 1 Netbsd | 2026-04-16 | N/A |
| Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges. | ||||