ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2515 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required. | ||||
| CVE-2005-2520 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords. | ||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | ||||
| CVE-2005-2576 | 1 Calogic | 1 Calogic | 2026-04-16 | N/A |
| CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. | ||||
| CVE-2005-2582 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2026-04-16 | N/A |
| Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. | ||||
| CVE-2005-2596 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| User.php in Gallery, as used in Postnuke, allows users with any Admin privileges to gain access to all galleries. | ||||
| CVE-2005-2664 | 1 Whisper32 | 1 Whisper32 | 2026-04-16 | N/A |
| Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. | ||||
| CVE-2005-2673 | 1 Woltlab | 1 Burning Board | 2026-04-16 | N/A |
| SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | ||||
| CVE-2005-2705 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | ||||
| CVE-2005-2719 | 1 Flagship Industries | 1 Ventrilo | 2026-04-16 | N/A |
| Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784. | ||||
| CVE-2005-2774 | 1 Lithium Software | 1 Lithium Ii Mod | 2026-04-16 | N/A |
| Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname. | ||||
| CVE-2005-2804 | 1 Novell | 1 Groupwise | 2026-04-16 | N/A |
| Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | ||||
| CVE-2005-2816 | 1 Greymatter | 1 Greymatter Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. | ||||
| CVE-2005-2847 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | ||||
| CVE-2005-2887 | 1 Maxdev | 1 Md-pro | 2026-04-16 | N/A |
| MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | ||||
| CVE-2005-2896 | 1 Stylemotion | 1 Web News | 2026-04-16 | N/A |
| SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php. | ||||
| CVE-2005-2966 | 1 Dia | 1 Dia | 2026-04-16 | N/A |
| The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. | ||||
| CVE-2006-1052 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | ||||
| CVE-2005-3061 | 1 Powerarchiver | 4 Powerarchiver 2002, Powerarchiver 2003, Powerarchiver 2004 and 1 more | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive. | ||||
| CVE-2005-3102 | 1 Six Apart | 1 Movable Type | 2026-04-16 | N/A |
| The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. | ||||