Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2646 1 Xerox 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more 2025-04-03 N/A
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
CVE-2006-0520 1 Dragoran 1 Portal Module 2025-04-03 N/A
SQL injection vulnerability index.php in Dragoran Portal module 1.3 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the site parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-2647 1 Xerox 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors.
CVE-2005-2648 1 W-agora 1 W-agora 2025-04-03 N/A
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.
CVE-2005-2649 1 Adaptive Technology Resource Centre 1 Atutor 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.
CVE-2005-2652 1 Phpoutsourcing 1 Zorum 2025-04-03 N/A
Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php.
CVE-2005-2688 1 Savewebportal 1 Savewebportal 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.
CVE-2006-1220 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads to a heap-based buffer overflow.
CVE-2005-2690 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 N/A
SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.
CVE-2005-2698 1 Nelogic Technologies 1 Nephp Publisher Enterprise 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.
CVE-2006-1222 1 Zeroboard 1 Zeroboard 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields.
CVE-2005-2699 1 Phpkit 1 Phpkit 2025-04-03 N/A
Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE.
CVE-2005-2701 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2025-04-03 N/A
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
CVE-2002-0668 1 Pingtel 1 Xpressa 2025-04-03 N/A
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
CVE-2005-2704 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
CVE-2006-0540 1 Tachyon 1 Vanilla Guestbook 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2005-2705 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2025-04-03 N/A
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
CVE-2006-0542 1 Nukedweb 1 Guestbookhost 2025-04-03 N/A
Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.
CVE-2005-2706 2 Mozilla, Redhat 3 Firefox, Mozilla Suite, Enterprise Linux 2025-04-03 N/A
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
CVE-2005-2711 1 Iss 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more 2025-04-03 N/A
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.