Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4702 1 Microsoft 3 Windows 2003 Server, Windows Media Player, Windows Xp 2026-04-23 N/A
Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
CVE-2006-4805 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2026-04-23 N/A
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a zero length value when it is decoded.
CVE-2006-4807 1 Enlightenment 1 Imlib2 2026-04-23 N/A
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
CVE-2006-4808 1 Enlightenment 1 Imlib2 2026-04-23 N/A
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
CVE-2006-4810 2 Gnu, Redhat 2 Texinfo, Enterprise Linux 2026-04-23 N/A
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
CVE-2006-4814 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-23 N/A
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
CVE-2006-4819 1 Opera 1 Opera Browser 2026-04-23 N/A
Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote attackers to execute arbitrary code via a long URL in a tag (long link address).
CVE-2006-4924 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-23 N/A
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
CVE-2006-4927 1 Symantec 2 Naveng Driver, Navex15 Driver 2026-04-23 N/A
The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB.
CVE-2006-5013 1 Sun 1 Solaris 2026-04-23 N/A
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
CVE-2006-5014 1 Cpanel 1 Cpanel 2026-04-23 8.8 High
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
CVE-2006-5015 1 Kietu 1 Kietu 2026-04-23 N/A
PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows remote attackers to execute arbitrary PHP code via an FTP URL in the url_hit parameter.
CVE-2006-5016 1 E-vision 1 E-vision Cms 2026-04-23 N/A
Unrestricted file upload vulnerability in admin/x_image.php in Szava Gyula and Csaba Tamas e-Vision CMS, probably 1.0, allows remote attackers to upload arbitrary files to the /imagebank directory.
CVE-2006-5018 1 Contentkeeper Technologies 1 Contentkeeper 2026-04-23 N/A
ContentKeeper 123.25 and earlier places passwords in cleartext in an INPUT element in cgi-bin/ck/changepw.cgi, which allows remote authenticated users to obtain passwords via this URI.
CVE-2009-4091 1 Simplog 1 Simplog 2026-04-23 N/A
comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action.
CVE-2009-3086 1 Rubyonrails 1 Rails 2026-04-23 N/A
A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x before 2.3.4, leaks information about the complexity of message-digest signature verification in the cookie store, which might allow remote attackers to forge a digest via multiple attempts.
CVE-2009-3091 1 Asus 1 Asus Wl-330ge 2026-04-23 N/A
Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3092 1 Asus 1 Asus Wl-500w 2026-04-23 N/A
Buffer overflow on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3093 1 Asus 1 Asus Wl-500w 2026-04-23 N/A
Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3106 1 Ibm 1 Websphere Application Server 2026-04-23 N/A
The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application.