Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4549 1 Chxo 1 Feedsplitter 2026-04-16 N/A
CHXO Feedsplitter 2006-01-21 allows remote attackers to read the source code of feedsplitter.php via the showsource function. NOTE: this issue is not a vulnerability in standard distributions, but could be an issue if the source has been modified.
CVE-2005-2843 1 Helpdesk Software 1 Hesk 2026-04-16 N/A
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
CVE-2006-4550 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to read arbitrary XML files via .. (dot dot) sequences in the format parameter with a leading ".", which bypasses a security check.
CVE-2005-2844 1 Indiatimes Messenger 1 Indiatimes Messenger 2026-04-16 N/A
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
CVE-2005-2845 1 Ariba 1 Ariba Spend Management Solutions 2026-04-16 N/A
Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
CVE-2006-2119 1 Artmedic Webdesign 1 Artmedic Event 2026-04-16 N/A
PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.
CVE-2006-4551 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to execute arbitrary PHP code via (1) the file specified as the value of the format parameter, and possibly (2) the RSS feed.
CVE-2005-2846 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
CVE-2006-2120 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read.
CVE-2005-2847 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2006-4552 1 Chxo 1 Feedsplitter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter 2006-01-21 allows remote attackers to inject arbitrary web script or HTML via the RSS feed.
CVE-2005-2848 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
CVE-2005-2849 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
CVE-2006-2124 1 Turnkey Solutions 1 Sunshop Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6) action parameters in index.php.
CVE-2006-2127 1 Blog Mod 1 Blog Mod 2026-04-16 N/A
SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.
CVE-2006-4554 1 Becubed 1 Compression Plus 2026-04-16 N/A
Stack-based buffer overflow in the ReadFile function in the ZOO-processing exports in the BeCubed Compression Plus before 5.0.1.28, as used in products including (1) Tumbleweed EMF, (2) VCOM/Ontrack PowerDesk Pro, (3) Canyon Drag and Zip, (4) Canyon Power File, and (5) Canyon Power File Gold, allow context-dependent attackers to execute arbitrary code via an inconsistent size parameter in a ZOO file header.
CVE-2005-2851 1 Smb4k 1 Smb4k 2026-04-16 N/A
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
CVE-2005-2852 1 Novell 1 Netware 2026-04-16 N/A
Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, 5.1, and 6.0 allows remote attackers to cause a denial of service (ABEND) via an incorrect password length, as exploited by the "worm.rbot.ccc" worm.
CVE-2005-2853 1 Guppy 1 Guppy 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the pg parameter to printfaq.php, or the (2) Referer or (3) User-Agent HTTP headers, which are not properly handled by error.php.
CVE-2005-2854 1 Thesitewizard.com 1 Chfeedback.pl Feedback Form Perl Script 2026-04-16 N/A
CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers.