Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3963 1 Banex 1 Banex 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.
CVE-2005-2159 1 Planetdns 1 Planetfileserver 2026-04-16 N/A
mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request.
CVE-2006-3968 1 Sun 1 Solaris 2026-04-16 N/A
The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.
CVE-2005-2191 1 Comersus Open Technologies 1 Comersus Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp.
CVE-2005-2164 1 Covide Groupware-crm 1 Covide 2026-04-16 N/A
SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2005-2192 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
CVE-2005-2166 1 Frozenplague.net 1 Plague News System 2026-04-16 N/A
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2005-2210 1 Tonec Inc. 1 Internet Download Manager 2026-04-16 N/A
Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL.
CVE-2005-2188 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack.
CVE-2005-2231 1 High Availability Linux Project 1 Heartbeat 2026-04-16 N/A
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-2385 1 Alwil 1 Avast Antivirus 2026-04-16 N/A
Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename.
CVE-2005-2387 1 Goodtech Systems 1 Goodtech Smtp Server 2026-04-16 N/A
Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name arugment in the last command.
CVE-2005-2414 1 Xpcom 1 Xpcom 2026-04-16 N/A
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
CVE-2005-2426 1 Ftpshell 1 Ftpshell Server 2026-04-16 N/A
FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.
CVE-2005-2595 1 Dada Mail 1 Dada Mail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages.
CVE-2006-4050 1 David Walker 1 Phpautomembersarea 2026-04-16 N/A
PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.
CVE-2005-2611 1 Symantec Veritas 3 Backup Exec, Backup Exec Remote Agent, Netbackup 2026-04-16 N/A
VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server.
CVE-2005-2631 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-16 N/A
Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.
CVE-2005-2646 1 Xerox 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more 2026-04-16 N/A
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
CVE-2005-2652 1 Phpoutsourcing 1 Zorum 2026-04-16 N/A
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php.