Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3564 1 Hivemail 1 Hivemail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the email, (2) cond, or (3) name parameters to (a) addressbook.view.php, (4) the daysprune parameter to (b) index.php, (5) the data[to] parameter to (c) compose.email.php, and (6) the markas parameter to (d) read.markas.php.
CVE-2005-2304 1 Microsoft 2 Internet Explorer, Live Messenger 2026-04-16 N/A
Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) via an image with an ICC Profile with a large Tag Count.
CVE-2005-2308 1 Microsoft 1 Ie 2026-04-16 N/A
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
CVE-1999-0363 2 Plp, Suse 2 Line Printer Control, Suse Linux 2026-04-16 N/A
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.
CVE-2005-2314 1 Phpsftpd 1 Phpsftpd 2026-04-16 N/A
inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response.
CVE-2005-2326 1 Clever Copy 1 Clever Copy 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a allows remote attackers to inject arbitrary web script or HTML via the yr parameter to calendar.php.
CVE-2005-2327 1 E107 1 E107 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags.
CVE-1999-0386 1 Microsoft 2 Frontpage, Personal Web Server 2026-04-16 N/A
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
CVE-2004-1144 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
CVE-2005-2329 1 Mrv Communications 3 In Reach Lx 1000s, In Reach Lx 4000s, In Reach Lx 8000s 2026-04-16 N/A
MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users.
CVE-2005-2330 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter.
CVE-2005-2366 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.
CVE-2006-3567 1 Juniper 1 Dx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field.
CVE-2005-2375 1 Codemasters 1 Toca Race Driver 2026-04-16 N/A
Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message.
CVE-2005-2379 1 Oracle 1 Reports 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet.
CVE-2005-2386 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2392 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function.
CVE-2005-2538 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter.
CVE-1999-0394 2026-04-16 N/A
DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.
CVE-2005-2540 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request.