Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1510 1 Pwsphp 1 Pwsphp 2025-04-03 N/A
PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.
CVE-2005-1515 1 Dan Bernstein 1 Qmail 2025-04-03 N/A
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
CVE-2005-1516 1 Netwin 1 Dmail 2025-04-03 N/A
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
CVE-2005-1517 1 Cisco 1 Firewall Services Module 2025-04-03 N/A
Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).
CVE-2005-1521 1 Gnu 1 Mailutils 2025-04-03 N/A
Integer overflow in the fetch_io function of the imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a partial message request with a large value in the END parameter, which leads to a heap-based buffer overflow.
CVE-2005-1522 1 Gnu 1 Mailutils 2025-04-03 N/A
The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command.
CVE-2006-0141 1 Eudora 1 Internet Mail Server 2025-04-03 N/A
Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote attackers to cause a denial of service (crash) via (1) malformed NTLM authentication requests, or a malformed (2) Incoming Mail X or (3) Temporary Mail file.
CVE-2005-1530 1 Sophos 5 Sophos Anti-virus, Sophos Mailmonitor, Sophos Mailmonitor For Notes Domino and 2 more 2025-04-03 N/A
Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.
CVE-2006-0142 1 Andromeda Software 1 Andromeda 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda 1.9.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-1531 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."
CVE-2006-0147 5 John Lim, Mantis, Moodle and 2 more 5 Adodb, Mantis, Moodle and 2 more 2025-04-03 N/A
Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP functions via the do parameter, which is saved in a variable that is then executed as a function, as demonstrated using phpinfo.
CVE-2005-1593 1 Codethat 1 Shoppingcart 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-0164 1 Woah-projekt 1 Phgstats 2025-04-03 N/A
phgstats.inc.php in phgstats before 0.5.1, if register_globals is enabled, allows remote attackers to include arbitrary files and execute arbitrary PHP code by modifying the PHGDIR variable.
CVE-2005-1596 1 Fusion 1 Sbx 2025-04-03 N/A
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
CVE-2005-1597 1 Invision Power Services 2 Invision Board, Invision Power Board 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
CVE-2006-0166 1 Symantec 1 Norton System Works 2025-04-03 N/A
Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 stores temporary copies of files in the Norton Protected Recycle Bin NProtect directory, which is hidden from the FindFirst and FindNext Windows APIs and allows remote attackers to hide arbitrary files from virus scanners and other products.
CVE-2006-1373 1 Php Live 1 Php Live 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in status_image.php in PHP Live! 3.0 allows remote attackers to inject arbitrary web script or HTML via the base_url parameter.
CVE-2005-1602 1 Net56 1 File Manager 2025-04-03 N/A
SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field.
CVE-2006-0172 1 Hummingbird 1 Enterprise Collaboration 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the file manager utility in Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to inject arbitrary web script or HTML in an uploaded page, which is published without a check for hostile scripting.
CVE-2005-1605 1 Positive Software 1 Sitestudio 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.