Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2207 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2208 1 Privashare 1 Privashare 2026-04-16 N/A
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-1999-0329 1 Sgi 1 Irix 2026-04-16 N/A
SGI mediad program allows local users to gain root access.
CVE-2005-2211 1 Sukria 1 Backup Manager 2026-04-16 N/A
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
CVE-2006-3548 1 Horde 1 Horde 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1 allow remote attackers to inject arbitrary web script or HTML via a (1) javascript URI or an external (2) http, (3) https, or (4) ftp URI in the url parameter in services/go.php (aka the dereferrer), (5) a javascript URI in the module parameter in services/help (aka the help viewer), and (6) the name parameter in services/problem.php (aka the problem reporting screen).
CVE-2005-2440 1 Thomson Netg 1 Web Skill Vantage Manager 2026-04-16 N/A
SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter.
CVE-2005-2444 1 Cerulean Studios 1 Trillian Pro 2026-04-16 N/A
Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.
CVE-2005-2455 1 Greasemonkey 1 Greasemonkey 2026-04-16 N/A
Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.
CVE-2005-2471 2 Netpbm, Redhat 2 Netpbm, Enterprise Linux 2026-04-16 N/A
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
CVE-2005-2472 1 Netcplus 1 Businessmail 2026-04-16 N/A
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.
CVE-2006-3576 1 Sensesites 1 Commonsense Cms 2026-04-16 N/A
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-1999-0391 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2026-04-16 N/A
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
CVE-1999-1357 1 Netscape 1 Communicator 2026-04-16 N/A
Netscape Communicator 4.04 through 4.7 (and possibly other versions) in various UNIX operating systems converts the 0x8b character to a "<" sign, and the 0x9b character to a ">" sign, which could allow remote attackers to attack other clients via cross-site scripting (CSS) in CGI programs that do not filter these characters.
CVE-2005-2473 1 Churchinfo 1 Churchinfo 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.
CVE-2004-0611 1 Netgear 1 Fvs318 2026-04-16 N/A
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
CVE-1999-0393 1 Eric Allman 1 Sendmail 2026-04-16 N/A
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
CVE-2006-3580 1 Asp Stats Generator 1 Asp Stats Generator 2026-04-16 N/A
SQL injection vulnerability in pages.asp in ASP Stats Generator before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the order parameter.
CVE-2005-2474 1 Churchinfo 1 Churchinfo 2026-04-16 N/A
ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.
CVE-2005-2485 1 Logicampus 1 Logicampus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2486 1 Portailphp 1 Portailphp 2026-04-16 N/A
SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701.