Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2021 | 1 Cpanel | 1 Cpanel | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. | ||||
| CVE-2005-2024 | 1 Vipul | 1 Razor-agents | 2025-04-03 | N/A |
| Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type. | ||||
| CVE-2005-2032 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. | ||||
| CVE-2005-2026 | 1 Enterasys | 1 Vertical Horizon-2402s | 2025-04-03 | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges. | ||||
| CVE-2005-2027 | 1 Enterasys | 1 Vertical Horizon-2402s | 2025-04-03 | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry. | ||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2025-04-03 | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | ||||
| CVE-2005-2031 | 1 Socialmpn | 1 Socialmpn | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. | ||||
| CVE-2005-2037 | 1 Fortibus | 1 Fortibus Cms | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page. | ||||
| CVE-2005-2040 | 1 Telnetd | 1 Telnetd | 2025-04-03 | N/A |
| Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469. | ||||
| CVE-2005-2041 | 1 Hauri | 1 Virobot Linux Server | 2025-04-03 | N/A |
| Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE). | ||||
| CVE-2005-2038 | 1 Fortibus | 1 Fortibus Cms | 2025-04-03 | N/A |
| Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page. | ||||
| CVE-2005-2039 | 1 Nanoblogger | 1 Nanoblogger | 2025-04-03 | N/A |
| Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands. | ||||
| CVE-2005-2048 | 1 Duware | 1 Duforum | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and possibly other versions, allow remote attackers to execute arbitrary SQL commands via the (1) iMsg parameter to messages.asp, iFor parameter to (2) post.asp or (3) forums.asp, or (4) id parameter to userEdit.asp. NOTE: vectors 1 and 3 were later reported to affect version 3.0. | ||||
| CVE-2005-2049 | 1 Duware | 1 Duclassmate | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | ||||
| CVE-2005-2043 | 1 Xampp | 1 Apache Distribution | 2025-04-03 | N/A |
| Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php. | ||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2025-04-03 | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | ||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | ||||
| CVE-2005-2055 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers". | ||||
| CVE-2005-2056 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | N/A |
| The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive. | ||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | ||||