Search Results (366864 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4583 1 Vmware 1 Esx 2026-04-16 N/A
Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).
CVE-2005-4585 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
CVE-2005-4586 1 Phpsurveyor 1 Phpsurveyor 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.
CVE-2005-0598 1 Cisco 10 Application And Content Networking Software, Content Delivery Manager, Content Distribution Manager 4630 and 7 more 2026-04-16 N/A
The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.
CVE-2005-0599 1 Cisco 1 Application And Content Networking Software 2026-04-16 N/A
Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets.
CVE-2005-0602 1 Info-zip 1 Unzip 2026-04-16 N/A
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
CVE-2005-0603 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
CVE-2005-0604 1 Gfi 1 Languard Network Security Scanner 2026-04-16 N/A
lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials.
CVE-2005-4588 1 Dream4 1 Koobi 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-0605 8 Altlinux, Lesstif, Mandrakesoft and 5 more 12 Alt Linux, Lesstif, Mandrake Linux and 9 more 2026-04-16 N/A
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2005-0606 1 Devellion 1 Cubecart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.
CVE-2005-0610 1 Freebsd 1 Freebsd 2026-04-16 N/A
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
CVE-2005-4590 1 Spb 1 Kiosk Engine 2026-04-16 N/A
Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.
CVE-2006-0840 1 Mantis 1 Mantis 2026-04-16 N/A
manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. NOTE: this issue might be the same as vector 2 in CVE-2005-4519.
CVE-2005-0616 1 Postnuke Software Foundation 1 Postnuke Phoenix 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables.
CVE-2005-4596 1 Ades Design 1 Adesguestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.
CVE-2005-0617 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
CVE-2001-0208 1 Microfocus 1 Cobol 2026-04-16 N/A
MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files.
CVE-2005-0621 1 Enlight Software 1 Scrapland 2026-04-16 N/A
Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.
CVE-2005-0623 1 Raidenhttpd 1 Raidenhttpd 2026-04-16 N/A
Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL.