Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0066 2 Bindview, Funk Software 2 Netrc, Funk Software Proxy 2026-04-16 N/A
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
CVE-2005-2524 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-16 N/A
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
CVE-2005-2509 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
CVE-2005-2556 1 Mantis 1 Mantis 2026-04-16 N/A
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
CVE-2005-2501 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
CVE-2005-2511 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
CVE-2006-3383 1 Mads 1 Mads 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover within a URL. NOTE: the provenance of this information is unknown; the details are obtained solely from third party reports.
CVE-2002-0080 2 Redhat, Samba 2 Linux, Rsync 2026-04-16 N/A
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-2005-0173 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.
CVE-2005-2522 1 Apple 2 Mac Os X, Safari 2026-04-16 N/A
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
CVE-2004-2584 1 Smartertools 1 Smartermail 2026-04-16 N/A
frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability.
CVE-2006-3398 1 Pkr Internet 1 Taskjitsu 2026-04-16 N/A
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor.
CVE-2006-3399 1 Moniwiki 1 Moniwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632.
CVE-2004-2590 1 Meindlsoft 1 Cute Php Library 2026-04-16 N/A
Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
CVE-2005-0015 1 Crosswire Bible Society 1 Sword 2026-04-16 N/A
diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2005-2586 1 Mentor 1 Adslfr4ii 2026-04-16 N/A
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information.
CVE-2004-2591 1 Buttuglysoftware 1 Cleancache 2026-04-16 N/A
The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.
CVE-2005-0183 1 Squirrelmail 1 Vacation Plugin 2026-04-16 N/A
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.
CVE-2005-0017 1 F2c Open Source Project 1 F2c Translator 2026-04-16 N/A
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
CVE-2005-1403 1 Just Williams 1 Amazon Webstore 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.