Search Results (363855 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3325 1 Id Software 1 Quake 3 Engine 2026-04-16 N/A
client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus Quake 3 Engine (ioquake3) revision 810 and earlier allows remote malicious servers to overwrite arbitrary write-protected cvars variables on the client, such as cl_allowdownload for Automatic Downloading and fs_homepath for the quake3 path, via a string of cvar names and values sent from the server. NOTE: this can be combined with another vulnerability to overwrite arbitrary files.
CVE-2005-2793 1 Phpldapadmin Project 1 Phpldapadmin 2026-04-16 N/A
PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
CVE-2006-1898 1 Ralph Capper 1 Tinyphpforum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper Tiny PHP Forum (TPF) 3.6 allow remote attackers to inject arbitrary web script or HTML via (1) the uname parameter in a view action in profile.php and (2) a login name. NOTE: the "Access to hash password" issue is already covered by CVE-2006-0103.
CVE-2005-2796 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests.
CVE-2005-2797 1 Openbsd 1 Openssh 2026-04-16 N/A
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2006-1901 1 Mozilla 1 Camino 2026-04-16 N/A
Mozilla Camino 1.0 and earlier allow remote attackers to cause a denial of service (null dereference and application crash or hang) via HTML with certain improperly nested elements. NOTE: this might be the same issue as CVE-2006-1724.
CVE-1999-0834 1 Rsa 1 Rsaref 2026-04-16 N/A
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
CVE-2005-2800 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
CVE-2006-1903 1 Userland 1 Manila 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila allow remote attackers to inject arbitrary web script or HTML (1) via the referer parameter in sendMail, and via attributes of (2) the A element and certain other HTML elements in web pages edited with the editInBrowser module. NOTE: the msgReader$1 mode attack vector is already covered by CVE-2006-1769.
CVE-2005-2803 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
CVE-2005-2814 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
CVE-2006-1904 1 Animegenesis 1 Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis Gallery allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2006-3326 1 Joesph Leung 1 Quickzip 2026-04-16 N/A
Directory traversal vulnerability in QuickZip 3.06.3 allows remote user-assisted attackers to overwrite arbitrary files or directories via .. (dot dot) sequences in filenames within (1) TAR,(2) GZ, and (3) JAR archives. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-2818 1 Eric Fichot 1 Downfile 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php.
CVE-2005-2820 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]".
CVE-1999-0837 2 Isc, Sun 3 Bind, Solaris, Sunos 2026-04-16 N/A
Denial of service in BIND by improperly closing TCP sessions via so_linger.
CVE-2005-2830 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
CVE-2006-1913 1 Jax Scripts 1 Jax Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-2831 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
CVE-2005-2706 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.