Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-3589 | 1 Vmware | 5 Esx, Infrastructure, Player and 2 more | 2026-04-16 | N/A |
| vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | ||||
| CVE-2004-0481 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file. | ||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2026-04-16 | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | ||||
| CVE-2005-3370 | 1 Arcavir | 1 Arcavir 2005 | 2026-04-16 | N/A |
| Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2004-0591 | 1 Inter7 | 1 Sqwebmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. | ||||
| CVE-2006-3606 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library. | ||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | ||||
| CVE-2005-3372 | 1 Broadcom | 1 Etrust Antivirus | 2026-04-16 | N/A |
| Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2005-4637 | 1 Kayako | 1 Supportsuite | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. | ||||
| CVE-2004-0655 | 1 Esearch | 1 Emerge Search Tool | 2026-04-16 | N/A |
| eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file. | ||||
| CVE-2005-4643 | 1 Antharia | 1 Oncontent Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE. | ||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | ||||
| CVE-2004-0690 | 1 Kde | 1 Kde | 2026-04-16 | N/A |
| The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. | ||||
| CVE-2005-4653 | 1 Al-caricatier | 1 Al-caricatier | 2026-04-16 | N/A |
| Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. | ||||
| CVE-2004-0691 | 2 Redhat, Trolltech | 2 Enterprise Linux, Qt | 2026-04-16 | N/A |
| Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. | ||||
| CVE-2004-0693 | 2 Redhat, Trolltech | 2 Enterprise Linux, Qt | 2026-04-16 | N/A |
| The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692. | ||||
| CVE-2004-2500 | 1 Ilohamail | 1 Ilohamail | 2026-04-16 | N/A |
| Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors. | ||||
| CVE-2004-0760 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI. | ||||
| CVE-2005-4701 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. | ||||
| CVE-2004-0792 | 2 Andrew Tridgell, Redhat | 2 Rsync, Enterprise Linux | 2026-04-16 | N/A |
| Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. | ||||