Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | N/A |
| Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | ||||
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2025-04-03 | N/A |
| The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | ||||
| CVE-2005-2148 | 1 The Cacti Group | 1 Cacti | 2025-04-03 | N/A |
| Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php. | ||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | ||||
| CVE-2005-2265 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string. | ||||
| CVE-2005-2266 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensitive information such as cookies and passwords from web sites whose child frames do not verify that they are in the same domain as their parents. | ||||
| CVE-2005-2442 | 1 Spi Dynamics | 1 Webinspect | 2025-04-03 | N/A |
| Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another. | ||||
| CVE-2005-2284 | 1 Esi Products | 1 Webeoc | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors. | ||||
| CVE-2005-2302 | 1 Powerdns | 1 Powerdns | 2025-04-03 | N/A |
| PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion. | ||||
| CVE-2005-2346 | 1 Novell | 1 Groupwise | 2025-04-03 | N/A |
| Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. | ||||
| CVE-2005-2320 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | N/A |
| WebCalendar before 1.0.0 does not properly restrict access to assistant_edit.php, which allows remote attackers to gain privileges. | ||||
| CVE-2005-2543 | 1 Comdev | 1 Comdev Ecommerce | 2025-04-03 | N/A |
| Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter. | ||||
| CVE-2005-2519 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. | ||||
| CVE-2005-2535 | 1 Broadcom | 4 Arcserve Backup 2000, Brightstor Arcserve Backup, Brightstor Arcserve Backup Hp and 1 more | 2025-04-03 | N/A |
| Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260. | ||||
| CVE-2005-2788 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | ||||
| CVE-2005-2790 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | ||||
| CVE-2005-2763 | 1 Openttd | 1 Openttd | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | ||||
| CVE-2005-2771 | 2 F-secure, Wrq | 2 F-secure Ssh Server, Wrq Reflection For Secure It Windows Server | 2025-04-03 | N/A |
| WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as F-Secure SSH server) processes access and deny lists in a case-sensitive manner, when previous versions were case-insensitive, which might allow remote attackers to bypass intended restrictions and login to accounts that should be denied. | ||||
| CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2025-04-03 | N/A |
| The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. | ||||
| CVE-2005-2842 | 1 Dameware Development | 1 Mini Remote Control Server | 2025-04-03 | N/A |
| Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username. | ||||