ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4419 | 1 Quicksquare Development | 2 Honeycomb Archive, Honeycomb Archive Enterprise | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters. | ||||
| CVE-1999-0499 | 1 Microsoft | 2 Windows 2000, Windows Nt | 2026-04-16 | N/A |
| NETBIOS share information may be published through SNMP registry keys in NT. | ||||
| CVE-2005-4427 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | ||||
| CVE-2005-4434 | 1 Abledesign | 1 Abledesign | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4440 | 1 Vlan Protocol | 1 Vlan Protocol | 2026-04-16 | N/A |
| The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack." | ||||
| CVE-1999-0527 | 2026-04-16 | N/A | ||
| The permissions for system-critical data in an anonymous FTP account are inappropriate. For example, the root directory is writeable by world, a real password file is obtainable, or executable commands such as "ls" can be overwritten. | ||||
| CVE-2005-4449 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability. | ||||
| CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2026-04-16 | N/A |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | ||||
| CVE-1999-0561 | 2026-04-16 | N/A | ||
| IIS has the #exec function enabled for Server Side Include (SSI) files. | ||||
| CVE-2005-4470 | 1 Blender | 1 Blenloader | 2026-04-16 | N/A |
| Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. | ||||
| CVE-2005-4475 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2005-4483 | 1 Iatek | 1 Siteenable | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | ||||
| CVE-1999-0630 | 2026-04-16 | N/A | ||
| The NT Alerter and Messenger services are running. | ||||
| CVE-1999-0640 | 2026-04-16 | N/A | ||
| The Gopher service is running. | ||||
| CVE-2005-4486 | 1 Quantum Art | 1 Qp7 Enterprise | 2026-04-16 | N/A |
| SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp | ||||
| CVE-2005-4497 | 1 Tangora | 1 Tangora Portal Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter in a search page, as demonstrated using (1) page1631.aspx and (2) page496.aspx. | ||||
| CVE-2005-4510 | 1 Extensis | 1 Netpublish Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter. | ||||
| CVE-2005-4511 | 1 Curtis Hawthorne | 1 Tn3270 Resource Gateway | 2026-04-16 | N/A |
| Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of service and possibly execute arbitrary code via format string specifiers in syslog function calls. | ||||
| CVE-2005-4525 | 1 Sygate Technologies | 1 Protection Agent | 2026-04-16 | N/A |
| SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch. | ||||
| CVE-1999-0718 | 1 Ibm | 1 Gina | 2026-04-16 | N/A |
| IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key. | ||||