Export limit exceeded: 346300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2429 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. | ||||
| CVE-2005-2432 | 1 Tincan | 1 Phplist | 2026-04-16 | N/A |
| SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin. | ||||
| CVE-2005-2433 | 1 Tincan | 1 Phplist | 2026-04-16 | N/A |
| PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message. | ||||
| CVE-2005-2437 | 1 Website Baker | 1 Website Baker | 2026-04-16 | N/A |
| Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code. | ||||
| CVE-2005-2441 | 1 Vbzoom | 1 Vbzoom | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php. | ||||
| CVE-2005-2444 | 1 Cerulean Studios | 1 Trillian Pro | 2026-04-16 | N/A |
| Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information. | ||||
| CVE-2006-2612 | 1 Novell | 1 Client | 2026-04-16 | N/A |
| Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt. | ||||
| CVE-2005-2445 | 1 Early Impact | 1 Product Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. | ||||
| CVE-2006-2615 | 1 Russcom Network | 1 Russcom.ping | 2026-04-16 | N/A |
| ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter. | ||||
| CVE-2005-2451 | 1 Cisco | 2 Ios, Ios Xr | 2026-04-16 | N/A |
| Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | ||||
| CVE-2005-2456 | 3 Debian, Linux, Redhat | 3 Debian Linux, Linux Kernel, Enterprise Linux | 2026-04-16 | 5.5 Medium |
| Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. | ||||
| CVE-2006-2616 | 1 Alstrasoft | 1 Webhost Directory | 2026-04-16 | N/A |
| SQL injection vulnerability in the search script in (1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost Directory 1.2, allows remote attackers to execute arbitrary SQL commands via the uri parameter. | ||||
| CVE-2005-2478 | 1 Silver-scripts | 1 Silvernews | 2026-04-16 | N/A |
| SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. | ||||
| CVE-2005-2479 | 1 Pablo Software Solutions | 1 Quick N Easy Ftp Server | 2026-04-16 | N/A |
| Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command. | ||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | ||||
| CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2026-04-16 | N/A |
| Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. | ||||
| CVE-2005-2536 | 1 Pstotext | 1 Pstotext | 2026-04-16 | N/A |
| pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file. | ||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | ||||
| CVE-2005-2539 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | ||||
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2026-04-16 | 7.0 High |
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | ||||