Search Results (9578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1532 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
CVE-2005-2454 1 Ibm 1 Lotus Notes 2026-04-16 N/A
IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.
CVE-2005-2492 3 Canonical, Linux, Redhat 3 Ubuntu Linux, Linux Kernel, Enterprise Linux 2026-04-16 N/A
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
CVE-2005-3179 1 Linux 1 Linux Kernel 2026-04-16 N/A
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.
CVE-2005-3257 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys.
CVE-2005-3273 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The rose_rt_ioctl function in rose_route.c for Radionet Open Source Environment (ROSE) in Linux 2.6 kernels before 2.6.12, and 2.4 before 2.4.29, does not properly verify the ndigis argument for a new route, which allows attackers to trigger array out-of-bounds errors with a large number of digipeats.
CVE-2005-4069 1 Sunncomm 1 Mediamax Drm 2026-04-16 N/A
SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe.
CVE-2005-4089 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains that are not valid Cascading Style Sheets (CSS) files, as demonstrated using Google Desktop, aka "CSSXSS" and "CSS Cross-Domain Information Disclosure Vulnerability."
CVE-2005-4093 1 Checkpoint 2 Secureclient Ng, Vpn-1 Secureclient 2026-04-16 N/A
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
CVE-2005-4217 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable to set uid, which allows attackers to gain privileges.
CVE-2006-0697 1 Zen-cart 1 Zen Cart 2026-04-16 N/A
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.
CVE-2006-4302 1 Sun 2 J2se, Java Web Start 2026-04-16 N/A
The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web Start 1.0 through 1.2 and J2SE 1.4.2 through 5.0 Update 5, allows remote attackers to exploit vulnerabilities by specifying a JRE version that contain vulnerabilities.
CVE-2006-4253 4 K-meleon Project, Mozilla, Netscape and 1 more 4 K-meleon, Firefox, Navigator and 1 more 2026-04-16 N/A
Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple Javascript timed events that load a deeply nested XML file, followed by redirecting the browser to another page, which leads to a concurrency failure that causes structures to be freed incorrectly, as demonstrated by (1) ffoxdie and (2) ffoxdie3. NOTE: it has been reported that Netscape 8.1 and K-Meleon 1.0.1 are also affected by ffoxdie. Mozilla confirmed to CVE that ffoxdie and ffoxdie3 trigger the same underlying vulnerability. NOTE: it was later reported that Firefox 2.0 RC2 and 1.5.0.7 are also affected.
CVE-2006-0700 1 Imagevue 1 Imagevue 2026-04-16 N/A
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
CVE-2006-0859 1 Michael Salzer 1 Guestbox 2026-04-16 N/A
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter.
CVE-2006-1524 1 Linux 1 Linux Kernel 2026-04-16 N/A
madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow file and mmap restrictions, which allows local users to bypass IPC permissions and replace portions of readonly tmpfs files with zeroes, aka the MADV_REMOVE vulnerability. NOTE: this description was originally written in a way that combined two separate issues. The mprotect issue now has a separate name, CVE-2006-2071.
CVE-2006-3443 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
CVE-2006-1725 1 Mozilla 2 Firefox, Seamonkey 2026-04-16 N/A
Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.
CVE-2006-3561 1 Bt 1 Voyager 2091 Wireless Adsl Router 2026-04-16 N/A
BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.
CVE-2006-1726 1 Mozilla 3 Firefox, Seamonkey, Thunderbird 2026-04-16 N/A
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.