ReportizFlow
Filtered by vendor
Subscriptions
Total
345200 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2124 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability." | ||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2026-04-16 | 5.5 Medium |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | ||||
| CVE-2005-2260 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dangerous actions that normally could only be performed manually by the user. | ||||
| CVE-2005-2272 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Safari version 2.0 (412) does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability." | ||||
| CVE-2005-2297 | 1 Sybase | 1 Easerver | 2026-04-16 | N/A |
| Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | ||||
| CVE-2005-2282 | 1 Esi Products | 1 Webeoc | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors. | ||||
| CVE-2005-2338 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module. | ||||
| CVE-2005-2364 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2026-04-16 | N/A |
| Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference. | ||||
| CVE-2005-2426 | 1 Ftpshell | 1 Ftpshell Server | 2026-04-16 | N/A |
| FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. | ||||
| CVE-2005-2429 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office. | ||||
| CVE-2005-2458 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables". | ||||
| CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string. | ||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | ||||
| CVE-2005-2498 | 3 Debian, Gggeek, Redhat | 3 Debian Linux, Phpxmlrpc, Enterprise Linux | 2026-04-16 | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||||
| CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2026-04-16 | N/A |
| Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | ||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2026-04-16 | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | ||||
| CVE-2005-2601 | 1 Midicart Software | 1 Midicart Php Shopping Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in MidiCart allows remote attackers to execute arbitrary SQL commands via the code_no parameter to (1) Item_Show.asp or (2) search_list.asp. | ||||
| CVE-2005-2608 | 1 Safehtml | 1 Safehtml | 2026-04-16 | N/A |
| SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. | ||||
| CVE-2005-2609 | 1 Vegadns | 1 Vegadns | 2026-04-16 | N/A |
| index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. | ||||
| CVE-2005-2625 | 1 Cpaint | 1 Cpaint | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist. | ||||