Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2005-0218 ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL. | N/A | NONE | β | 0 |
| CVE-2005-0219 Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3... | N/A | NONE | β | 0 |
| CVE-2005-0220 Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | N/A | NONE | β | 0 |
| CVE-2005-0222 main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. | N/A | NONE | β | 0 |
| CVE-2005-0223 The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserializa... | N/A | NONE | β | 0 |
| CVE-2005-0225 firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack. | N/A | NONE | β | 0 |
| CVE-2005-0227 PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension. | N/A | NONE | β | 0 |
| CVE-2006-2440 Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob ex... | N/A | NONE | β | 0 |
| CVE-2005-0230 Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote atta... | N/A | NONE | β | 0 |
| CVE-2005-0232 Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site ... | N/A | NONE | β | 0 |
| CVE-2005-0234 The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way tha... | N/A | NONE | β | 0 |
| CVE-2005-0235 The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that ... | N/A | NONE | β | 0 |
| CVE-2005-0236 The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that u... | N/A | NONE | β | 0 |
| CVE-2005-0237 The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certifica... | N/A | NONE | β | 0 |
| CVE-2005-0238 The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that us... | N/A | NONE | β | 0 |
| CVE-2005-0239 viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter. | N/A | NONE | β | 0 |
| CVE-2005-0240 Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an... | N/A | NONE | β | 0 |
| CVE-2006-0246 Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download Tracker 1.06 allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | N/A | NONE | β | 0 |
| CVE-2005-0241 The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote att... | N/A | NONE | β | 0 |
| CVE-2005-0244 PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command. | N/A | NONE | β | 0 |
| CVE-2005-0246 The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays. | N/A | NONE | β | 0 |
| CVE-2005-0247 Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_... | N/A | NONE | β | 0 |
| CVE-2005-0248 The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or loc... | N/A | NONE | β | 0 |
| CVE-2005-0250 Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | N/A | NONE | β | 0 |
| CVE-2005-0251 Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter. | N/A | NONE | β | 0 |
| CVE-2005-0252 SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. | N/A | NONE | β | 0 |
| CVE-2005-0253 Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the ... | N/A | NONE | β | 0 |
| CVE-2005-0254 BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to ... | 3.7 | LOW | β | 0 |
| CVE-2006-2441 Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create ... | N/A | NONE | β | 0 |
| CVE-2005-0255 String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that... | N/A | NONE | β | 0 |
| CVE-2005-0256 The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildc... | N/A | NONE | β | 0 |
| CVE-2005-0260 Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not... | N/A | NONE | β | 0 |
| CVE-2005-0262 Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. | N/A | NONE | β | 0 |
| CVE-2005-0263 Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument. | N/A | NONE | β | 0 |
| CVE-2005-0264 Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. | N/A | NONE | β | 0 |
| CVE-2005-0265 Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter. | N/A | NONE | β | 0 |
| CVE-2005-0267 index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | N/A | NONE | β | 0 |
| CVE-2005-0269 The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that incl... | 9.8 | CRITICAL | β | 0 |
| CVE-2005-0270 Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or ... | N/A | NONE | β | 0 |
| CVE-2026-30643 An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | 9.8 | CRITICAL | β | 0 |
| CVE-2026-30273 pandas-ai v3.0.0 was discovered to contain a SQL injection vulnerability via the pandasai.agent.base._execute_sql_query component. | 7.3 | HIGH | β | 0 |
| CVE-2026-33949 Tina is a headless content management system. Prior to version 2.2.2, a path traversal vulnerability in @tinacms/graphql allows unauthenticated users to write and overwrite arbitrary files within the ... | 8.1 | HIGH | β | 0 |
| CVE-2011-0400 Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmissi... | N/A | NONE | β | 0 |
| CVE-2026-20155 A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker with low privileges to access sensitive informa... | 8.0 | HIGH | β | 0 |
| CVE-2026-20160 A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected SS... | 9.8 | CRITICAL | β | 0 |
| CVE-2026-20174 A vulnerability in the Metadata update feature of Cisco Nexus Dashboard Insights could allow an authenticated, remote attacker to write arbitrary files to an affected system. This vulnerability is ... | 4.9 | MEDIUM | β | 0 |
| CVE-2005-0272 ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. | N/A | NONE | β | 0 |
| CVE-2005-0273 Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. | N/A | NONE | β | 0 |
| CVE-2005-0275 TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | N/A | NONE | β | 0 |
| CVE-2005-0276 Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) t... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.