ReportizFlow
Filtered by vendor
Subscriptions
Total
29899 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3865 | 1 Scripts-templates | 1 Allweb Search | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter. | ||||
| CVE-2006-0787 | 1 Plaino | 1 Wimpy Mp3 | 2026-04-16 | N/A |
| wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. NOTE: since this issue, as described by the original researcher, is entirely dependent on the presence of another vulnerability, it could be argued that Wimpy cannot be responsible for how its data file is processed by applications outside of its control. Since this issue might only be useful as a facilitator manipulation in another vulnerability, perhaps it should not be included in CVE. | ||||
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2026-04-16 | N/A |
| Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | ||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2026-04-16 | N/A |
| Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. | ||||
| CVE-2006-1988 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function in Apple Safari 2.0.3 allows remote attackers to cause a denial of service (application crash) via an HTML LI tag with a large VALUE attribute (list item number), which triggers a null dereference in QPainter::drawText, probably due to a failed memory allocation that uses the VALUE. | ||||
| CVE-2005-0335 | 1 Emotion | 1 Mediapartner Web Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2005-0343 | 1 Logicnow | 1 Perldesk | 2026-04-16 | N/A |
| SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter. | ||||
| CVE-2005-0359 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2026-04-16 | N/A |
| The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service. | ||||
| CVE-2005-0502 | 1 Xinkaa Web Station | 1 Xinkaa Web Station | 2026-04-16 | N/A |
| Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | ||||
| CVE-2006-4664 | 1 Premod Shadow | 1 Premod Shadow | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in includes/functions_portal.php in Premod Shadow 2.7.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | ||||
| CVE-2005-0535 | 2 Gentoo, Mediawiki | 2 Linux, Mediawiki | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. | ||||
| CVE-2005-0649 | 1 Pixel-apes Group | 1 Safehtml | 2026-04-16 | N/A |
| Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities." | ||||
| CVE-2005-0652 | 1 Hp | 1 Openvms | 2026-04-16 | N/A |
| Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | ||||
| CVE-2005-0696 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote authenticated users to execute arbitrary code via a long DELE command. NOTE: this issue was later reported to also affect 1.4.3.5. | ||||
| CVE-2006-4966 | 1 Chumpsoft | 1 Phpquestionnaire | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in inc/ifunctions.php in chumpsoft phpQuestionnaire (phpQ) 3.12 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[phpQRootDir] parameter. | ||||
| CVE-2006-4973 | 1 Dotnetnuke | 1 Dotnetnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual Motion Interactive Systems DotNetNuke before 3.3.5, and 4.x before 4.3.5, allows remote attackers to inject arbitrary HTML via the error parameter. | ||||
| CVE-2005-2389 | 1 Symantec Veritas | 2 Netbackup Enterprise Server, Netbackup Server | 2026-04-16 | N/A |
| NDMP server in Veritas NetBackup 5.1 allows attackers to cause a denial of service via a CONFIG message with an out-of-range timestamp, which triggers a null dereference. | ||||
| CVE-2005-0729 | 1 Techland | 1 Xpand Rally | 2026-04-16 | N/A |
| Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message. | ||||
| CVE-2005-0787 | 1 Wine | 1 Wine | 2026-04-16 | N/A |
| Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | ||||
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2026-04-16 | N/A |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | ||||