Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1962 1 Cerberus 1 Cerberus Helpdesk 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
CVE-2005-1963 1 Cerberus 1 Cerberus Helpdesk 2025-04-03 N/A
Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.
CVE-2005-1967 1 Early Impact 1 Productcart Ecommerce 2025-04-03 N/A
Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp.
CVE-2005-1969 1 Pragma Systems 1 Pragma Telnetserver 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session.
CVE-2005-2070 1 Sendmail 1 Sendmail 2025-04-03 N/A
The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading.
CVE-2005-2075 1 Php Fusion 1 Php Fusion 2025-04-03 N/A
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
CVE-2006-0309 1 Linksys 1 Befvp41 2025-04-03 N/A
Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length.
CVE-2005-2077 1 Hosting Controller 1 Hosting Controller 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2005-2080 1 Symantec Veritas 1 Backup Exec 2025-04-03 N/A
Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.
CVE-2005-2083 1 Truenorth Software 1 Ia Emailserver 2025-04-03 N/A
Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument.
CVE-2006-0319 1 Farmers Wife 1 Farmers Wife 2025-04-03 N/A
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
CVE-2005-2084 1 Telligent Systems 1 Community Server Forums 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-2100 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2025-04-03 N/A
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
CVE-2005-2102 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2025-04-03 N/A
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
CVE-2002-0626 1 Polycom 8 Viewstation 128, Viewstation 512, Viewstation Dcp and 5 more 2025-04-03 N/A
Polycom ViewStation before 7.2.4 has a default null password for the administrator account, which allows arbitrary users to conduct unauthorized activities.
CVE-2005-2107 1 Wordpress 1 Wordpress 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
CVE-2005-2108 1 Wordpress 1 Wordpress 2025-04-03 N/A
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
CVE-2005-2111 1 Community Link Pro Web Editor 1 Community Link Pro Web Editor 2025-04-03 N/A
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
CVE-2005-2112 1 Xoops 1 Xoops 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
CVE-2006-1436 1 Upoint 1 At1 Event Publisher 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event Publisher allow remote attackers to inject arbitrary web script or HTML via the (1) Event, (2) Description, (3) Time, (4) Website, and (5) Public Remarks fields to (a) eventpublisher_admin.htm and (b) eventpublisher_usersubmit.htm.