Search Results (366011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0677 1 Phpoutsourcing 1 Zorum 2026-04-16 N/A
index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.
CVE-2005-0681 1 Nokia 1 Series 2026-04-16 N/A
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
CVE-2005-0685 1 Outstart 1 Participate Enterprise 2026-04-16 N/A
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
CVE-2005-0686 1 Mlterm 1 Mlterm 2026-04-16 N/A
Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf support enabled, allows remote attackers to execute arbitrary code via a large image file that is used as a background.
CVE-2005-0687 1 Hashcash 1 Hashcash 2026-04-16 N/A
Format string vulnerability in Hashcash 1.16 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via format string specifiers in a reply address, which is not properly handled when printing the header.
CVE-2005-0689 1 Jimmy 1 The Includer 2026-04-16 N/A
includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter.
CVE-2005-0690 1 Gene6 1 G6 Ftp Server 2026-04-16 N/A
Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.
CVE-2005-0692 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
CVE-2002-1559 1 Research Systems Inc. 1 Ion Script 2026-04-16 N/A
Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. (dot-dot) sequences in the page parameter.
CVE-2000-0841 1 Davide Libenzi 1 Xmail 2026-04-16 N/A
Buffer overflow in XMail POP3 server before version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command.
CVE-2001-0222 1 Webmin 1 Webmin 2026-04-16 N/A
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
CVE-2000-0842 1 Sco 1 Unixware 2026-04-16 N/A
The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
CVE-2005-0695 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field.
CVE-2005-0699 4 Altlinux, Conectiva, Ethereal Group and 1 more 6 Alt Linux, Linux, Ethereal and 3 more 2026-04-16 N/A
Multiple buffer overflows in the dissect_a11_radius function in the CDMA A11 (3G-A11) dissector (packet-3g-a11.c) for Ethereal 0.10.9 and earlier allow remote attackers to execute arbitrary code via RADIUS authentication packets with large length values.
CVE-2005-0700 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
CVE-2005-0701 1 Oracle 1 Database Server 2026-04-16 N/A
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.
CVE-2005-4608 1 Incogen 1 Bugport 2026-04-16 N/A
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.
CVE-2005-0703 1 Xerox 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more 2026-04-16 N/A
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
CVE-2005-4614 1 Sum Effect Software 1 Digishop 2026-04-16 N/A
Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.
CVE-2005-0708 2 Dragonflybsd, Freebsd 2 Dragonflybsd, Freebsd 2026-04-16 N/A
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.