Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2220 1 Incredible Interactive 1 Dragonfly Commerce 2025-04-03 N/A
Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem
CVE-2005-2223 1 Mailenable 2 Mailenable Professional, Mailenable Standard 2025-04-03 N/A
Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication.
CVE-2005-2782 1 Autolinks 1 Autolinks 2025-04-03 N/A
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.
CVE-2005-2786 1 Cosmoshop 1 Cosmoshop 2025-04-03 N/A
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.
CVE-2005-2266 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents.
CVE-2005-2812 1 Man2web 1 Man2web 2025-04-03 N/A
man2web allows remote attackers to execute arbitrary commands via -P arguments.
CVE-2005-2814 1 Flatnuke 1 Flatnuke 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.
CVE-2005-2267 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
CVE-2005-3487 1 Scorched 3d 1 Scorched 3d 2025-04-03 N/A
Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.
CVE-2005-3491 1 Johannes F. Kuhlmann 1 Flatfrag 2025-04-03 N/A
Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields.
CVE-2005-3494 1 Ar-blog 1 Ar-blog 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment.
CVE-2005-3502 1 Cerberus 1 Cerberus Helpdesk 2025-04-03 N/A
attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.
CVE-2005-3503 1 Pwdutils 1 Pwdutils 2025-04-03 N/A
chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.
CVE-2005-3514 1 Chipmunk Scripts 1 Chipmunk Forum 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.
CVE-2006-0105 1 Postgresql 1 Postgresql 2025-04-03 N/A
PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on Windows, allows remote attackers to cause a denial of service (postmaster exit and no new connections) via a large number of simultaneous connection requests.
CVE-2006-0906 1 Top Line 1 D3jeeb Pro 2025-04-03 N/A
SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to execute arbitrary SQL commands via the catid parameter in (1) fastlinks.php and (2) catogary.php.
CVE-2005-3517 1 Chipmunk Scripts 1 Chipmunk Guestbook 2025-04-03 N/A
Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.
CVE-2006-4419 1 Promanager 1 Promanager 2025-04-03 N/A
SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter.
CVE-2005-3572 1 Peel 1 Peel 2025-04-03 N/A
SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter.
CVE-2005-3573 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2025-04-03 N/A
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).