Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0585 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.
CVE-2005-0586 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.
CVE-2005-0592 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value.
CVE-2006-0500 1 Punctweb 1 Myco Guestbook 2026-04-16 N/A
MyCO Guestbook 1.0 stores the admin directory under the web document root with insufficient access control, which allows remote attackers to perform unspecified privileged actions by directly accessing files via a URL.
CVE-2006-3734 1 Cisco 1 Cs-mars 2026-04-16 N/A
Multiple unspecified vulnerabilities in the Command Line Interface (CLI) for Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allow local CS-MARS administrators to execute arbitrary commands as root.
CVE-2006-0508 1 Easy Cms 1 Easy Cms 2026-04-16 N/A
Easy CMS stores the images directory under the web document root with insufficient access control and browsing enabled, which allows remote attackers to list and possibly read images that are stored in that directory.
CVE-2005-0594 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.
CVE-2006-0509 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in clients.php in Cerberus Helpdesk, possibly 2.7, allow remote attackers to inject arbitrary web script or HTML via (1) the contact_search parameter and (2) unspecified url fields.
CVE-2005-0595 1 Working Resources Inc. 1 Badblue 2026-04-16 N/A
Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.
CVE-2005-0596 1 Php 1 Php 2026-04-16 N/A
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
CVE-2006-0511 1 Blackboard 2 Blackboard, Blackboard Academic Suite 2026-04-16 N/A
Blackboard Academic Suite 6.0 and earlier does not properly clear session information when de-authenticating a user who is idle, which allows subsequent users to log in as the previous user and gain privileges. NOTE: the vendor has disputed this issue, saying that "This is a customer specific issue related to their Kerberos authentication single sign-on application and not a vulnerability in the Blackboard product.
CVE-2006-3735 1 Mail2forum 1 Mail2forum 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php.
CVE-2005-0597 1 Cisco 1 Application And Content Networking Software 2026-04-16 N/A
Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection."
CVE-2006-0513 1 Ibm 1 Tivoli Access Manager For E-business 2026-04-16 N/A
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2005-0674 1 Php Arena 1 Pabox 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
CVE-2006-0571 1 Hinton Design 1 Phpstatus 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.
CVE-2006-3787 1 Kerio 1 Personal Firewall 2026-04-16 N/A
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread.
CVE-2005-0675 1 Phpoutsourcing 1 Zorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.
CVE-2006-0572 1 Hinton Design 1 Phpstatus 2026-04-16 N/A
phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication.
CVE-2006-3788 1 Ufo2000 1 Ufo2000 2026-04-16 N/A
Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow remote attackers to execute arbitrary code via (1) a long unit name in Net::recv_add_unit,; (2) large values to Net::recv_rules, Net::recv_select_unit, Net::recv_options, and Net::recv_unit_data; and (3) a large mapdata GEODATA structure in Net::recv_map_data.