Search Results (363853 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1033 1 Sun 1 I-runbook 2026-04-16 N/A
Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via a "..:" sequence (dot-dot variant) in the argument.
CVE-2005-2279 1 Cisco 1 Ons 15216 Optical Add Drop Multiplexer Software 2026-04-16 N/A
Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware 2.2.2 and earlier allows remote attackers to cause a denial of service (management plane session loss) via crafted telnet data.
CVE-2005-2281 1 Juvare 1 Webeoc 2026-04-16 7.5 High
WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.
CVE-2006-1782 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch.
CVE-2005-2285 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
CVE-2005-2287 1 Softiacom 1 Wmailserver 2026-04-16 N/A
SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow.
CVE-2005-2289 1 Phpcounter 1 Phpcounter 2026-04-16 N/A
PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.
CVE-2006-1783 1 Patronet 1 Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI.
CVE-2005-1458 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.
CVE-2005-2291 1 Oracle 1 Jdeveloper 2026-04-16 N/A
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
CVE-2005-2292 1 Oracle 1 Jdeveloper 2026-04-16 N/A
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
CVE-2005-1460 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.
CVE-2005-2295 1 Pyrosoft Inc 1 Netpanzer 2026-04-16 N/A
NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.
CVE-2006-1784 1 Sphider 1 Sphider 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter.
CVE-2005-2296 1 Yabb 1 Yabb 2026-04-16 N/A
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path.
CVE-2005-2298 1 Softwin 1 Bitdefender Engine 2026-04-16 N/A
BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards.
CVE-2005-2308 1 Microsoft 1 Ie 2026-04-16 N/A
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
CVE-2005-2321 1 Calogic 1 Calogic 2026-04-16 N/A
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
CVE-2006-1786 1 Adobe 1 Document Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
CVE-2005-2329 1 Mrv Communications 3 In Reach Lx 1000s, In Reach Lx 4000s, In Reach Lx 8000s 2026-04-16 N/A
MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users.