Search Results (365339 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2892 1 Pblang 1 Pblang 2026-04-16 N/A
Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter.
CVE-2005-2894 1 Pblang 1 Pblang 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.
CVE-2005-2896 1 Stylemotion 1 Web News 2026-04-16 N/A
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
CVE-2006-0455 2 Gnu, Redhat 2 Privacy Guard, Enterprise Linux 2026-04-16 N/A
gpgv in GnuPG before 1.4.2.1, when using unattended signature verification, returns a 0 exit code in certain cases even when the detached signature file does not carry a signature, which could cause programs that use gpgv to assume that the signature verification has succeeded. Note: this also occurs when running the equivalent command "gpg --verify".
CVE-2005-2898 1 Filezilla 1 Filezilla 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.
CVE-2005-2899 1 Cj Design 1 Cj Tag Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter.
CVE-2005-2903 1 Eset Software 1 Nod32 Antivirus 2026-04-16 N/A
Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename.
CVE-2005-2912 1 Linksys 1 Wrt54g 2026-04-16 N/A
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value.
CVE-2005-2914 1 Linksys 1 Wrt54g 2026-04-16 N/A
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration.
CVE-2005-2915 1 Linksys 1 Wrt54g 2026-04-16 N/A
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914.
CVE-2006-0456 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 can return an incorrect value, which allows local users to cause a denial of service via unknown vectors.
CVE-2006-0459 1 Westes 1 Flex 2026-04-16 N/A
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
CVE-2006-0460 1 Bomberclone 1 Bomberclone 2026-04-16 N/A
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.
CVE-2005-2922 2 Realnetworks, Redhat 6 Helix Player, Realone Player, Realplayer and 3 more 2026-04-16 N/A
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
CVE-2005-2926 1 Sco 1 Openserver 2026-04-16 N/A
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2005-2931 1 Ipswitch 2 Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands.
CVE-2005-2939 1 Vmware 1 Workstation 2026-04-16 N/A
Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder.
CVE-2005-2947 1 Killprocess 1 Killprocess 2026-04-16 N/A
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource.
CVE-2005-2950 1 Sawmill 1 Sawmill 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
CVE-2006-0463 1 Ideosoft Design 1 Ideocontent Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.