Search Results (364207 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4501 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attackers to bypass protection against cross-site scripting (XSS) attacks and execute Javascript using inline style attributes, which are processed by Internet Explorer.
CVE-1999-1519 1 Gene6 1 G6 Ftp Server 2026-04-16 N/A
Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of service (resource exhaustion) via a long (1) user name or (2) password.
CVE-2005-4502 1 Net-square 1 Httprint 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response, which is not sanitized before being displayed to the user.
CVE-2006-2477 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the administrative interface Bitrix Site Manager 4.1.x allows remote attackers to inject arbitrary web script or HTML via unspecified inputs.
CVE-2005-4505 1 Mcafee 2 Common Management Agent, Virusscan Enterprise 2026-04-16 N/A
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
CVE-1999-1523 1 Sambar 1 Sambar Server 2026-04-16 N/A
Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request.
CVE-2005-4506 1 Nexus Concepts 1 Dev Hound 2026-04-16 N/A
Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in the devhound.tdbd file, which allows local users to gain privileges.
CVE-2005-4515 1 Lois Software 1 Webdb 2026-04-16 N/A
SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search parameters, possibly Search0. NOTE: the vendor has disputed this issue, saying that "WebDB is a generic online database system used by many of the clients of Lois Software. The flaw that was identified was some code that was added for a client to do some testing of his system and only certain safe commands were allowed. This code has now been removed and it is not now possible to use SQL queries as part of the query string. No installation or patch is required All clients use a common code library and have their own front end and databases and connections. So as soon as a change / upgrade / enhancement is made to the code, all users of the software begin to use the latest changes immediately." Since the issue appeared in a custom web site and no action is required on the part of customers, this issue should not be included in CVE
CVE-2005-4521 1 Mantis 1 Mantis 2026-04-16 N/A
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
CVE-2006-3490 1 F-secure 3 F-secure Anti-virus, F-secure Internet Security, F-secure Service Platform For Service Providers 2026-04-16 N/A
F-Secure Anti-Virus 2003 through 2006 and other versions, Internet Security 2003 through 2006, and Service Platform for Service Providers 6.x and earlier does not scan files contained on removable media when "Scan network drives" is disabled, which allows remote attackers to bypass anti-virus controls.
CVE-2006-3740 3 Redhat, X.org, Xfree86 Project 3 Enterprise Linux, X.org, Xfree86 X 2026-04-16 N/A
Integer overflow in the scan_cidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted (1) CMap and (2) CIDFont font data with modified item counts in the (a) begincodespacerange, (b) cidrange, and (c) notdefrange sections.
CVE-2006-2478 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
Bitrix Site Manager 4.1.x allows remote attackers to redirect users to other websites via a modified back_url during a HTTP POST request. NOTE: this issue has been referred to as "cross-site scripting," but that is inconsistent with the common use of the term.
CVE-2006-3491 1 Christophe Thibault 1 Kaillera 2026-04-16 N/A
Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows remote attackers to execute arbitrary code via a long nickname.
CVE-2006-2484 1 Icewarp 1 Web Mail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.html in IceWarp WebMail 5.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the PHPSESSID parameter.
CVE-2005-4523 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.
CVE-2005-4524 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
CVE-2006-2494 1 Lacaveprods 1 Intellitamper 2026-04-16 N/A
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file.
CVE-2005-4527 1 Direct News 1 Direct News 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.
CVE-2005-4534 1 Mozilla 1 Bugzilla 2026-04-16 N/A
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-4536 1 Debian 1 Libmail-audit-perl 2026-04-16 N/A
Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.