Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-1529 1 Surfcontrol 1 Superscout Email Filter 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.
CVE-2005-2168 1 Frozenplague.net 1 Plague News System 2025-04-03 N/A
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
CVE-2005-2173 1 Mozilla 1 Bugzilla 2025-04-03 N/A
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.
CVE-2006-0375 1 Advantage Century Telecommunication 1 P202s 2025-04-03 N/A
Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks.
CVE-2006-1441 1 Apple 1 Mac Os X 2025-04-03 N/A
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding.
CVE-2005-2174 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete.
CVE-2005-2200 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2025-04-03 N/A
Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication.
CVE-2005-2202 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2206 1 Elemental Software 1 Cartwiz 2025-04-03 N/A
Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp.
CVE-2005-2207 1 Elemental Software 1 Cartwiz 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2006-0389 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
CVE-2005-2211 1 Sukria 1 Backup Manager 2025-04-03 N/A
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
CVE-2005-2214 1 Debian 1 Apt-setup 2025-04-03 N/A
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2006-0391 1 Apple 1 Mac Os X 2025-04-03 N/A
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
CVE-2005-2215 1 Mediawiki 1 Mediawiki 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
CVE-2005-2216 1 Photogal 1 Photogal Photo Gallery 2025-04-03 N/A
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.
CVE-2006-0392 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted Canon RAW image.
CVE-2005-2217 1 Craig Dansie 1 Dansie Shopping Cart 2025-04-03 N/A
Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.
CVE-2006-0393 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a denial of service or determine account existence by attempting to log in using an invalid user, which causes the server to hang.
CVE-2005-2219 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action.