Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0902 4 Conectiva, Mozilla, Redhat and 1 more 9 Linux, Mozilla, Thunderbird and 6 more 2026-04-16 N/A
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
CVE-2005-1263 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
CVE-2006-0200 1 Php 1 Php 2026-04-16 N/A
Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages.
CVE-2005-1266 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2026-04-16 N/A
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.
CVE-2006-2111 1 Microsoft 1 Outlook Express 2026-04-16 N/A
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability."
CVE-2005-1267 5 Gentoo, Lbl, Mandrakesoft and 2 more 6 Linux, Tcpdump, Mandrake Linux and 3 more 2026-04-16 N/A
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
CVE-2005-1268 3 Apache, Debian, Redhat 6 Http Server, Debian Linux, Enterprise Linux and 3 more 2026-04-16 N/A
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.
CVE-2005-1269 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
CVE-2005-1270 1 Gentoo 1 Rootkit Hunter 2026-04-16 N/A
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2005-1272 2 Broadcom, Ca 4 Brightstor Enterprise Backup, Brightstor Arcserve Backup, Brightstor Arcserve Backup Agent and 1 more 2026-04-16 N/A
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
CVE-2005-1274 1 Mysql 1 Maxdb 2026-04-16 N/A
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter.
CVE-2005-1275 3 Graphicsmagick, Imagemagick, Redhat 3 Graphicsmagick, Imagemagick, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value.
CVE-2005-1278 2 Lbl, Redhat 2 Tcpdump, Enterprise Linux 2026-04-16 N/A
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
CVE-2005-1279 2 Lbl, Redhat 2 Tcpdump, Enterprise Linux 2026-04-16 N/A
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
CVE-2005-1283 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
CVE-2005-1285 1 Woltlab 1 Burning Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
CVE-2005-1286 1 Softwin 1 Bitdefender Antivirus 2026-04-16 N/A
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
CVE-2005-1290 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
CVE-2005-1293 1 Storeportal 1 Storeportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
CVE-2005-1311 1 Yappa-ng 1 Yappa-ng 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.