Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1265 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).
CVE-2005-1269 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
CVE-2005-4861 1 Jasio.net 1 Ragnarok Online Control Panel 2026-04-16 N/A
functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.
CVE-2005-1270 1 Gentoo 1 Rootkit Hunter 2026-04-16 N/A
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2005-4862 1 Xwiki 1 Xwiki 2026-04-16 N/A
The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.
CVE-2005-1278 2 Lbl, Redhat 2 Tcpdump, Enterprise Linux 2026-04-16 N/A
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
CVE-2005-1281 1 Ethereal Group 1 Ethereal 2026-04-16 N/A
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.
CVE-2005-1284 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
CVE-2005-1291 1 Cartwiz 1 Asp Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
CVE-2005-4863 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
CVE-2005-1292 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.
CVE-2005-1294 1 Nokia 1 Affix 2026-04-16 N/A
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
CVE-2005-4867 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
CVE-2005-1297 1 Include.cgi 1 Include.cgi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2005-1302 1 Swsoft 1 Confixx 2026-04-16 N/A
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.
CVE-2005-1303 1 Citat.pl 1 Citat.pl 2026-04-16 N/A
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2005-1305 1 Hyper.cgi 1 Hyper.cgi 2026-04-16 N/A
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2005-4868 2 Ibm, Microsoft 2 Db2 Universal Database, Windows 2026-04-16 7.1 High
Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.
CVE-2005-1307 2 Adobe, Apple 2 Version Cue, Mac Os X 2026-04-16 N/A
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory.
CVE-2005-1312 1 Yappa-ng 1 Yappa-ng 2026-04-16 N/A
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors.