Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2599 1 Hummingbird 1 Connectivity 2026-04-16 N/A
Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges.
CVE-2005-2603 1 My Image Gallery 1 My Image Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters.
CVE-2005-2610 1 Vegadns 1 Vegadns 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2628 2 Macromedia, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.
CVE-2005-2638 1 Phpfreenews 1 Phpfreenews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
CVE-2005-2640 3 Juniper, Neoteris, Netscreen 16 Netscreen-5gt, Netscreen-idp, Netscreen-idp 10 and 13 more 2026-04-16 N/A
Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.
CVE-2005-2641 2 Padl Software, Redhat 2 Pam Ldap, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.
CVE-2005-2645 1 Xerox 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more 2026-04-16 N/A
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.
CVE-1999-0945 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
CVE-2005-2647 1 Xerox 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors.
CVE-2005-2649 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
CVE-2005-2653 1 Bbcaffe 1 Bbcaffe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message.
CVE-2005-2657 1 Common-lisp-controller 1 Common-lisp-controller 2026-04-16 N/A
Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before.
CVE-1999-0963 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
CVE-2005-2669 2 Broadcom, Ca 28 Advantage Data Transport, Adviseit, Brightstor Portal and 25 more 2026-04-16 N/A
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
CVE-2005-2674 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.
CVE-2005-2695 1 Cisco 2 Ciscoworks Management Center For Ids Sensors, Ciscoworks Monitoring Center For Security 2026-04-16 N/A
Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).
CVE-2005-2706 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
CVE-1999-0976 1 Eric Allman 1 Sendmail 2026-04-16 N/A
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
CVE-2005-2711 1 Iss 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more 2026-04-16 N/A
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.