Search Results (363856 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2754 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."
CVE-2005-2755 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.
CVE-2005-2756 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.
CVE-2006-1894 1 Revoboard 1 Revoboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived from PunBB, allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag, which is transformed when the application's e-mail address obfuscator reverses the transformation. NOTE: it is not clear whether this is a site-specific issue; however, the claimed codebase relationship with PunBB might be relevant.
CVE-2006-3323 1 Mastersfusion 1 Mf Piadas 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/admin.php in MF Piadas 1.0 allows remote attackers to execute arbitrary PHP code via the page parameter. NOTE: the same vector can be used for cross-site scripting, but CVE analysis suggests that this is resultant from file inclusion of HTML or script.
CVE-2005-2758 1 Symantec 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage 2026-04-16 N/A
Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow.
CVE-2005-2761 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message.
CVE-2005-2768 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length.
CVE-2005-2769 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.
CVE-2005-2776 1 Looking Glass 1 Looking Glass 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php.
CVE-2001-1535 1 Open Source Development Network 1 Slashcode 2026-04-16 N/A
Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.
CVE-2005-2777 1 Looking Glass 1 Looking Glass 2026-04-16 N/A
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
CVE-2005-2782 1 Autolinks 1 Autolinks 2026-04-16 N/A
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.
CVE-2005-2785 1 Cosmoshop 1 Cosmoshop 2026-04-16 N/A
cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.
CVE-2005-2786 1 Cosmoshop 1 Cosmoshop 2026-04-16 N/A
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
CVE-2005-2787 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.
CVE-2006-1895 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
CVE-2005-2788 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
CVE-2005-2789 1 Bfcommand And Control Software 2 Bfcc, Bfvcc 2026-04-16 N/A
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.
CVE-2005-2790 1 Bfcommand And Control Software 2 Bfcc, Bfvcc 2026-04-16 N/A
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.