Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0473 3 Mandrakesoft, Redhat, Rob Flynn 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more 2026-04-16 N/A
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
CVE-2005-4321 1 Apani Networks 1 Epiforce Agent 2026-04-16 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-4676 1 Andreas Huggel 1 Exiv2 2026-04-16 N/A
Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
CVE-2006-2753 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input.
CVE-2006-3355 1 Mpg123 1 Mpg123 2026-04-16 N/A
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
CVE-2001-1507 1 Openbsd 1 Openssh 2026-04-16 N/A
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
CVE-2005-1250 1 Ipswitch 1 Whatsup 2026-04-16 N/A
SQL injection vulnerability in the logon screen of the web front end (NmConsole/Login.asp) for IpSwitch WhatsUp Professional 2005 SP1 allows remote attackers to execute arbitrary SQL commands via the (1) User Name field (sUserName parameter) or (2) Password (sPassword parameter).
CVE-2005-4139 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVE-1999-0029 1 Sgi 1 Irix 2026-04-16 8.4 High
root privileges via buffer overflow in ordist command on SGI IRIX systems.
CVE-1999-0045 2 Apache, Netscape 4 Http Server, Commerce Server, Communications Server and 1 more 2026-04-16 N/A
List of arbitrary files on Web host via nph-test-cgi script.
CVE-1999-0100 1 Isc 1 Inn 2026-04-16 N/A
Remote access in AIX innd 1.5.1, using control messages.
CVE-1999-0333 1 Hp 1 Hp-ux 2026-04-16 N/A
HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack.
CVE-1999-0444 1 Microsoft 3 Windows 95, Windows 98, Windows Nt 2026-04-16 N/A
Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.
CVE-1999-1552 1 Ibm 1 Aix 2026-04-16 N/A
dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and earlier does not properly check privileges, which allows local users to overwrite arbitrary files and gain privileges.
CVE-2000-0088 1 Microsoft 4 Office, Office Converter Pack, Powerpoint and 1 more 2026-04-16 N/A
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
CVE-2000-0439 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
CVE-2000-0621 1 Microsoft 2 Outlook, Outlook Express 2026-04-16 N/A
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
CVE-2004-0437 1 South River Technologies 1 Titan Ftp Server 2026-04-16 N/A
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
CVE-2004-2097 1 Suse 1 Suse Linux 2026-04-16 N/A
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
CVE-2004-1307 11 Apple, Avaya, Conectiva and 8 more 20 Mac Os X, Mac Os X Server, Call Management System Server and 17 more 2026-04-16 N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.