ReportizFlow
Filtered by vendor
Subscriptions
Total
29894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2796 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2026-04-16 | N/A |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | ||||
| CVE-2005-2756 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion. | ||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | ||||
| CVE-2005-2718 | 1 Mplayer | 1 Mplayer | 2026-04-16 | N/A |
| Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk. | ||||
| CVE-2005-2701 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. | ||||
| CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2026-04-16 | N/A |
| IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | ||||
| CVE-2005-2663 | 1 Masqmail | 1 Masqmail | 2026-04-16 | N/A |
| masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. | ||||
| CVE-2005-2652 | 1 Phpoutsourcing | 1 Zorum | 2026-04-16 | N/A |
| Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. | ||||
| CVE-2005-2650 | 1 Emefa | 1 Emefa Guestbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. | ||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2026-04-16 | N/A |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. | ||||
| CVE-2005-2570 | 1 Funkboard | 1 Funkboard | 2026-04-16 | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message. | ||||
| CVE-2006-2129 | 1 Deltascripts | 1 Pro Publish | 2026-04-16 | N/A |
| Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php. | ||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template. | ||||
| CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2026-04-16 | N/A |
| SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field. | ||||
| CVE-2005-2539 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | ||||
| CVE-2005-2529 | 1 Sun | 1 Java | 2026-04-16 | N/A |
| Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | ||||
| CVE-2005-1687 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter. | ||||
| CVE-2004-0870 | 1 Kde | 1 Konqueror | 2026-04-16 | N/A |
| KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | ||||
| CVE-2005-2442 | 1 Spi Dynamics | 1 Webinspect | 2026-04-16 | N/A |
| Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another. | ||||
| CVE-2006-4337 | 2 Gzip, Redhat | 2 Gzip, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. | ||||