CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD
| CVE ID and description | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2005-2174 Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access infor... | N/A | NONE | — | 0 |
| CVE-2005-2175 The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based atta... | N/A | NONE | — | 0 |
| CVE-2005-2176 Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | N/A | NONE | — | 0 |
| CVE-2005-1768 Race condition in the ia32 compatibility code for the execve system call in Linux kernel 2.4 before 2.4.31 and 2.6 before 2.6.6 allows local users to cause a denial of service (kernel panic) and possi... | N/A | NONE | — | 0 |
| CVE-2005-2150 Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows... | N/A | NONE | — | 0 |
| CVE-2005-2170 The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connect... | N/A | NONE | — | 0 |
| CVE-2005-2177 Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumptio... | N/A | NONE | — | 0 |
| CVE-2005-2178 probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any. | N/A | NONE | — | 0 |
| CVE-2005-2179 PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. | N/A | NONE | — | 0 |
| CVE-2005-2286 WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource. | N/A | NONE | — | 0 |
| CVE-2005-2180 gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local us... | N/A | NONE | — | 0 |
| CVE-2005-2181 Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoof messages such... | 7.5 | HIGH | — | 0 |
| CVE-2005-2182 Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not properly check the Call-ID, branch, and tag values in a NOTIFY message to verify a subscription, which allows remote attackers to spoo... | 7.5 | HIGH | — | 0 |
| CVE-2005-2183 class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain ... | N/A | NONE | — | 0 |
| CVE-2005-2184 eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | N/A | NONE | — | 0 |
| CVE-2005-2185 eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | N/A | NONE | — | 0 |
| CVE-2005-2186 Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName o... | N/A | NONE | — | 0 |
| CVE-2005-2187 McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using t... | N/A | NONE | — | 0 |
| CVE-2005-2188 McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | N/A | NONE | — | 0 |
| CVE-2005-2189 Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive informa... | N/A | NONE | — | 0 |
| CVE-2005-2190 Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2... | N/A | NONE | — | 0 |
| CVE-2005-2191 Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssign... | N/A | NONE | — | 0 |
| CVE-2005-2192 SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | N/A | NONE | — | 0 |
| CVE-2005-2193 SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not init... | N/A | NONE | — | 0 |
| CVE-2005-2197 SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2005-2198 PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter. | N/A | NONE | — | 0 |
| CVE-2025-30955 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GT3themes ListingEasy allows Reflected XSS. This issue affects ListingEasy: from n/a through 1.9.2... | 7.1 | HIGH | — | 0 |
| CVE-2005-2199 PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable. | N/A | NONE | — | 0 |
| CVE-2005-2200 Multiple unknown vulnerabilities in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to bypass authentication. | N/A | NONE | — | 0 |
| CVE-2005-2201 Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or acce... | N/A | NONE | — | 0 |
| CVE-2005-2202 Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject... | N/A | NONE | — | 0 |
| CVE-2005-2203 login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. | N/A | NONE | — | 0 |
| CVE-2005-2204 Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or H... | N/A | NONE | — | 0 |
| CVE-2005-2205 The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | N/A | NONE | — | 0 |
| CVE-2005-2206 Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, ... | N/A | NONE | — | 0 |
| CVE-2005-2207 Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | N/A | NONE | — | 0 |
| CVE-2005-2208 PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | N/A | NONE | — | 0 |
| CVE-2005-2209 Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | 5.5 | MEDIUM | — | 0 |
| CVE-2005-2210 Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | N/A | NONE | — | 0 |
| CVE-2025-21070 Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory. | 4.0 | MEDIUM | — | 0 |
| CVE-2005-2420 flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request. | N/A | NONE | — | 0 |
| CVE-2005-2421 Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter. | N/A | NONE | — | 0 |
| CVE-2005-2422 Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter. | N/A | NONE | — | 0 |
| CVE-2005-2423 Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) ... | N/A | NONE | — | 0 |
| CVE-2005-2434 Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. | N/A | NONE | — | 0 |
| CVE-2005-2424 The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port ... | N/A | NONE | — | 0 |
| CVE-2005-2425 Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long se... | N/A | NONE | — | 0 |
| CVE-2005-2426 FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command. | N/A | NONE | — | 0 |
| CVE-2005-2427 Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | N/A | NONE | — | 0 |
| CVE-2005-2435 Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | N/A | NONE | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.