Export limit exceeded: 345462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2164 | 1 Covide Groupware-crm | 1 Covide | 2026-04-16 | N/A |
| SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2005-2173 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | ||||
| CVE-2005-2175 | 1 Ibm | 1 Lotus Notes | 2026-04-16 | N/A |
| The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | ||||
| CVE-2005-2183 | 1 Phpxmail | 1 Phpxmail | 2026-04-16 | N/A |
| class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. | ||||
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | ||||
| CVE-2005-2188 | 1 Mcafee | 1 Intrushield Security Management System | 2026-04-16 | N/A |
| McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | ||||
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | ||||
| CVE-2005-2191 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. | ||||
| CVE-2005-2200 | 1 Xerox | 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | ||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2026-04-16 | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | ||||
| CVE-2005-2241 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe. | ||||
| CVE-2005-2243 | 1 Cisco | 1 Call Manager | 2026-04-16 | N/A |
| Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail. | ||||
| CVE-2005-2245 | 1 F5 | 1 Tmos | 2026-04-16 | N/A |
| Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers. | ||||
| CVE-2005-2254 | 1 Gianluca Baldo | 1 Phpauction | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 allow remote attackers to inject arbitrary web script or HTML via the lan parameter to (1) index.php or (2) admin/index.php, or (3) the auction_id parameter to profile.php. NOTE: there is evidence that viewnews.php and login.php may not be part of the PhpAuction product, so they are not included in this description. | ||||
| CVE-1999-0811 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Buffer overflow in Samba smbd program via a malformed message command. | ||||
| CVE-2005-2267 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL. | ||||
| CVE-2005-2269 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). | ||||
| CVE-2005-2278 | 1 Mailenable | 1 Mailenable Professional | 2026-04-16 | N/A |
| Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. | ||||
| CVE-2005-2287 | 1 Softiacom | 1 Wmailserver | 2026-04-16 | N/A |
| SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow. | ||||
| CVE-2005-2299 | 1 Man And Machine Ltd. | 1 Simple Message Board | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm. | ||||