Export limit exceeded: 349420 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29913 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29913 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure. | ||||
| CVE-2005-2225 | 1 Microsoft | 1 Msn Messenger Service | 2026-04-16 | N/A |
| Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. | ||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2026-04-16 | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | ||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2026-04-16 | N/A |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | ||||
| CVE-2005-2229 | 1 Blog Torrent | 1 Blog Torrent | 2026-04-16 | N/A |
| Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | ||||
| CVE-2005-2237 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2005-2240 | 1 Xpvm | 1 Xpvm | 2026-04-16 | N/A |
| xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. | ||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | ||||
| CVE-2005-2242 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to (1) the CTI Manager (ctimgr.exe) or (2) the CallManager (ccm.exe). | ||||
| CVE-2005-2244 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow. | ||||
| CVE-2005-2249 | 1 Jinzora | 1 Jinzora | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact and attack vectors, possibly involving a PHP file inclusion vulnerability. | ||||
| CVE-2005-2256 | 1 Phppgadmin | 1 Phppgadmin | 2026-04-16 | N/A |
| Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter. | ||||
| CVE-2005-2261 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2026-04-16 | N/A |
| Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection. | ||||
| CVE-2005-2265 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | ||||
| CVE-2005-2267 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. | ||||
| CVE-2005-2372 | 1 Oracle | 1 Forms | 2026-04-16 | N/A |
| Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet. | ||||
| CVE-2005-2374 | 1 Belkin | 1 Belkin 54g Wireless Router | 2026-04-16 | N/A |
| Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. | ||||
| CVE-2005-2377 | 1 Mandrakesoft | 2 Mandrake Linux, Mandrake Linux Corporate Server | 2026-04-16 | N/A |
| nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE. | ||||
| CVE-2005-2380 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 allow remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) start, and (3) id parameters to browse.php, or the sid parameter to (4) dataentry.php or (5) export.php. | ||||
| CVE-2006-4888 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT. | ||||