Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1198 | 1 Anaconda Partners | 1 Foundation Directory | 2026-04-16 | N/A |
| Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. | ||||
| CVE-2006-0728 | 1 Webspell | 1 Webspell | 2026-04-16 | N/A |
| SQL injection vulnerability in search.php in webSPELL 4.01.00 and earlier allows remote attackers to inject arbitrary SQL commands via the title_op parameter. | ||||
| CVE-2006-4330 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-04-16 | N/A |
| Unspecified vulnerability in the SCSI dissector in Wireshark (formerly Ethereal) 0.99.2 allows remote attackers to cause a denial of service (crash) via unspecified vectors. | ||||
| CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2026-04-16 | N/A |
| Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | ||||
| CVE-2006-0732 | 1 Sap | 1 Business Connector | 2026-04-16 | N/A |
| Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. Details will be updated after the grace period has ended. NOTE: SAP Business Connector is an OEM version of webMethods Integration Server. webMethods states that this issue can only occur when the product is installed as root/admin, and if the attacker has access to a general purpose port; however, both are discouraged in the documentation. In addition, the attacker must already have acquired administrative privileges through other means. | ||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2026-04-16 | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | ||||
| CVE-2005-1230 | 1 Magnus Lundvall | 1 Yawcam | 2026-04-16 | N/A |
| Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request. | ||||
| CVE-2006-0733 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WordPress 2.0.0 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes such as (1) onfocus and (2) onblur in the "author's website" field. NOTE: followup comments to the researcher's web log suggest that this issue is only exploitable by the same user who injects the XSS, so this might not be a vulnerability | ||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2006-0742 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems. | ||||
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2026-04-16 | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | ||||
| CVE-2005-3987 | 1 Tradesoft | 1 Tradesoft Cms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | ||||
| CVE-2005-1281 | 1 Ethereal Group | 1 Ethereal | 2026-04-16 | N/A |
| Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. | ||||
| CVE-2005-1293 | 1 Storeportal | 1 Storeportal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. | ||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2026-04-16 | N/A |
| The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | ||||
| CVE-2005-1295 | 1 Include.cgi | 1 Include.cgi | 2026-04-16 | N/A |
| include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2006-4349 | 1 Toenda Software Development | 1 Toendacms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in ToendaCMS 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tcms_administer_site parameter to an unspecified script, probably index.php. NOTE: this issue has been disputed by a third party, who states that $tcms_administer_site is initialized to a constant value within index.php | ||||
| CVE-2005-1321 | 1 Horde | 1 Vaction | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. | ||||
| CVE-2006-4354 | 1 Phome Empire | 1 Phome Empire Cms | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in e/class/CheckLevel.php in Phome Empire CMS 3.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the check_path parameter. | ||||
| CVE-2005-1327 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter. | ||||