Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4451 1 Eset Software 1 System Analyzer Tool 2026-04-23 N/A
The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET System Analyzer Tool 1.1.1.0 allows local users to execute arbitrary code via a certain METHOD_NEITHER IOCTL request to \Device\esiasdrv that overwrites a pointer.
CVE-2006-5741 1 Airmagnet 1 Enterprise 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface.
CVE-2006-5754 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation.
CVE-2008-1226 1 Zimbra 1 Collaboration Suite 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration Suite (ZCS) 4.0.3, 4.5.6, and possibly other versions before 4.5.10 allow remote attackers to inject arbitrary web script or HTML via an e-mail attachment, possibly involving a (1) .jpg or (2) .gif image attachment.
CVE-2006-5779 2 Canonical, Openldap 2 Ubuntu Linux, Openldap 2026-04-23 7.5 High
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
CVE-2006-5809 1 Jonathon J. Freeman 1 Ovbb 2026-04-23 N/A
Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors.
CVE-2006-5810 1 Xoops 1 Xoops 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in modules/wfdownloads/newlist.php in XOOPS 1.0 allows remote attackers to inject arbitrary web script or HTML via the newdownloadshowdays parameter.
CVE-2007-5938 2 Intel, Redhat 3 Pro Wireless 3945abg, Wireless Wifi Link 4965agn, Enterprise Linux 2026-04-23 N/A
The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.
CVE-2006-5812 1 Kerio 1 Kerio Mailserver 2026-04-23 N/A
Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-4493 1 Microsoft 1 Digital Image 2026-04-23 N/A
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
CVE-2008-5176 1 Clientsoftware 1 Wincom Mpd Total 2026-04-23 N/A
Multiple buffer overflows in Client Software WinCom LPD Total 3.0.2.623 and earlier allow remote attackers to execute arbitrary code via (1) a long 0x02 command to the remote administration service on TCP port 13500 or (2) a long invalid control filename to LPDService.exe on TCP port 515.
CVE-2006-5814 1 Novell 1 Edirectory 2026-04-23 N/A
Unspecified vulnerability in Novell eDirectory allows remote attackers to execute arbitrary code, as demonstrated by vd_novell.pm, a "Novell eDirectory remote exploit." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2008-4507 1 Ibm 1 Lotus Quickr 2026-04-23 N/A
Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 (8.1.0.1) allows editors to delete pages that were created by a different author via unknown vectors.
CVE-2008-4514 1 Konqueror 1 Konqueror 2026-04-23 N/A
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.
CVE-2008-4982 1 John Horne 1 Rkhunter 2026-04-23 N/A
rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rkhunter-debug temporary file. NOTE: this is probably a different vulnerability than CVE-2005-1270.
CVE-2006-5818 1 Ibm 1 Lotus Domino 2026-04-23 N/A
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
CVE-2006-5823 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
CVE-2008-4983 1 Scilab 1 Scilab-bin 2026-04-23 N/A
scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/SciLink#####1, (b) /tmp/SciLink#####2, (c) /tmp/SciLink#####3, (d) /tmp/*.#####, (e) /tmp/*.#####.res, (f) /tmp/*.#####.err, and (g) /tmp/*.#####.diff temporary files, related to the (1) scilink, (2) scidoc, and (3) scidem scripts.
CVE-2008-1232 2 Apache, Redhat 7 Tomcat, Certificate System, Enterprise Linux and 4 more 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16 allows remote attackers to inject arbitrary web script or HTML via a crafted string that is used in the message argument to the HttpServletResponse.sendError method.
CVE-2006-5831 1 Aiocp 1 Aiocp 2026-04-23 N/A
PHP remote file inclusion vulnerability in admin/code/index.php in All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the load_page parameter.