Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2176 1 Novell 1 Netmail 2026-04-16 N/A
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
CVE-2005-2175 1 Ibm 1 Lotus Notes 2026-04-16 N/A
The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
CVE-2005-2174 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
CVE-2005-2184 1 Emc 1 Eroom 2026-04-16 N/A
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
CVE-2005-2185 1 Emc 1 Eroom 2026-04-16 N/A
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
CVE-2005-2186 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp.
CVE-2005-2201 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVE-2005-2198 1 Spid 1 Spid 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
CVE-2005-2199 1 Skrypty 1 Ppa Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
CVE-2005-2202 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2203 1 Phpwishlist 1 Phpwishlist 2026-04-16 N/A
login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php.
CVE-2005-2205 1 Pngren 1 Pngren 2026-04-16 N/A
The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-2005-2200 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
CVE-2005-2212 1 Sukria 1 Backup Manager 2026-04-16 N/A
Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.
CVE-2005-2214 1 Debian 1 Apt-setup 2026-04-16 N/A
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2219 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.
CVE-2005-2223 1 Mailenable 2 Mailenable Professional, Mailenable Standard 2026-04-16 N/A
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
CVE-2005-2228 1 Bdc Enterprises 1 Web Wiz Forums 2026-04-16 N/A
Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum.
CVE-2005-2231 1 High Availability Linux Project 1 Heartbeat 2026-04-16 N/A
High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-2234 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.