Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2395 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the strongest authentication scheme available as required by RFC2617, which might cause credentials to be sent in plaintext even if an encrypted channel is available.
CVE-2005-2401 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
CVE-2005-2402 1 Phpsitesearch 1 Phpsitesearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in PHPSiteSearch 1.7.7d allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-2403 1 Realchat 1 Realchat 2026-04-16 N/A
The login protocol in RealChat 3.5.1b does not use authentication, which allows remote attackers to log on as other users by sniffing the beginning of a chat session and replaying it via a modified username.
CVE-2005-2411 1 Tdiary 1 Tdiary 2026-04-16 N/A
Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user.
CVE-2005-2413 1 Atomic Photo Album 1 Atomic Photo Album 2026-04-16 N/A
PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter.
CVE-2005-2421 1 Beehive Forum 1 Beehive Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.
CVE-2005-2431 1 Gforge 1 Gforge 2026-04-16 N/A
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
CVE-1999-0914 1 Debian 1 Debian Linux 2026-04-16 N/A
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
CVE-2005-2432 1 Tincan 1 Phplist 2026-04-16 N/A
SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.
CVE-2005-2439 1 Usebb 1 Usebb 2026-04-16 N/A
SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.
CVE-2005-2452 1 Libtiff 1 Libtiff 2026-04-16 N/A
libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.
CVE-1999-0915 1 Pacific Software 1 Url Live 2026-04-16 N/A
URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2005-2453 1 Networkactiv 1 Networkactiv Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2005-2456 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-04-16 5.5 Medium
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.
CVE-2005-2461 1 Kayako 1 Liveresponse 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
CVE-1999-0916 1 Webtrends 5 Webtrends Enterprise Suite, Webtrends For Firewalls, Webtrends Log Analyzer and 2 more 2026-04-16 N/A
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
CVE-2005-2463 1 Kayako 1 Liveresponse 2026-04-16 N/A
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message.
CVE-2005-2464 1 Pcxp Toppe Cms 1 Pcxp Toppe Cms 2026-04-16 N/A
login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid.
CVE-2005-2467 1 Mysql 1 Eventum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.