Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4154 1 Php 1 Pear 2026-04-16 N/A
Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend is loaded.
CVE-2006-0287 1 Oracle 2 Application Server, Database Server 2026-04-16 N/A
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.
CVE-2002-2262 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows remote attackers to cause a denial of service (hang) via unknown attack vectors.
CVE-2004-1064 2 Canonical, Php 2 Ubuntu Linux, Php 2026-04-16 N/A
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2006-4470 1 Joomla 1 Joomla\! 2026-04-16 N/A
Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion.
CVE-2006-0288 1 Oracle 2 Application Server, E-business Suite 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.
CVE-2004-2345 1 Oracle 1 Database Server 2026-04-16 N/A
Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive information.
CVE-2006-0265 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text component and (2) DB18 in the Program Interface Network component. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that DB17 involves SQL injection in the (a) VALIDATE_STATEMENT and BUILD_DML functions in CTXSYS.DRILOAD; (b) CLEAN_DML function in CTXSYS.DRIDML; (c) GET_ROWID function in CTXSYS.CTX_DOC; (d) BROWSE_WORDS function in CTXSYS.CTX_QUERY; and (e) ODCIINDEXTRUNCATE, ODCIINDEXDROP, and ODCIINDEXDELETE functions in CATINDEXMETHODS.
CVE-2005-3041 1 Opera 1 Opera Browser 2026-04-16 N/A
Unspecified "drag-and-drop vulnerability" in Opera Web Browser before 8.50 on Windows allows "unintentional file uploads."
CVE-2005-3627 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2026-04-16 N/A
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
CVE-2006-0270 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has not disputed a reliable researcher report that TDA stores the master key without encryption, which allows local users to obtain the key via the SGA.
CVE-2005-3057 1 Fortinet 2 Fortigate, Fortios 2026-04-16 N/A
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.
CVE-2006-0281 1 Oracle 1 Enterpriseone 2026-04-16 N/A
Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.
CVE-2006-0256 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Advanced Queuing component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.6, 10.1.0.3 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB01.
CVE-2006-0261 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and (2) DB14 in the Oracle Label Security component. NOTE: Oracle has not disputed reliable researcher claims that DB07 involves plaintext storage of the TDE wallet password in a trace file by event 10053.
CVE-2006-0263 1 Oracle 1 Database Server 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the (a) Net Listener component; and (2) DB12 and (3) DB13 in the Network Communications (RPC) component.
CVE-2006-0266 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19.
CVE-2006-0271 1 Oracle 4 Database Server, Oracle10g, Oracle8i and 1 more 2026-04-16 N/A
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
CVE-2006-0277 1 Oracle 1 E-business Suite 2026-04-16 N/A
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2) APPS07 in the (b) Oracle Applications Framework component; (3) APPS08, (4) APPS09, (5) APPS10, and (6) APPS11 in the (c) Oracle Applications Technology Stack component; (7) APPS12 in the (d) Oracle Human Resources component; (8) APPS15 and (9) APPS16 in the (e) Oracle Marketing component; (10) APPS17 in the (f) Marketing Encyclopedia System component; (11) APPS18 in the (g) Oracle Trade Management component; and (12) APPS19 in the (h) Oracle Web Applications Desktop Integration component.
CVE-2006-0290 1 Oracle 4 Application Server, Collaboration Suite, Database Server and 1 more 2026-04-16 N/A
Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component.