Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2025-04-03 | N/A |
| The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | ||||
| CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2025-04-03 | N/A |
| Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | ||||
| CVE-2005-0290 | 1 Netgear | 1 Fvs318 | 2025-04-03 | N/A |
| NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | ||||
| CVE-2005-0283 | 1 David Barrett | 1 Qwikiwiki | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter. | ||||
| CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2025-04-03 | N/A |
| SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | ||||
| CVE-2005-0295 | 1 Inca | 1 Nprotect Gameguard | 2025-04-03 | N/A |
| npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. | ||||
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | ||||
| CVE-2005-0298 | 1 Oracle | 1 Database Server | 2025-04-03 | N/A |
| The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. | ||||
| CVE-2005-0299 | 1 Gforge | 1 Gforge | 2025-04-03 | N/A |
| Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php. | ||||
| CVE-2005-0293 | 1 Minis | 1 Minis | 2025-04-03 | N/A |
| Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter. | ||||
| CVE-2005-0294 | 1 Minis | 1 Minis | 2025-04-03 | N/A |
| minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter. | ||||
| CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2025-04-03 | N/A |
| SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | ||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2025-04-03 | N/A |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | ||||
| CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | N/A |
| MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | ||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | ||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2025-04-03 | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | ||||
| CVE-2005-0312 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2025-04-03 | N/A |
| WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. | ||||
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2025-04-03 | N/A |
| Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | ||||
| CVE-2005-0314 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. | ||||
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2025-04-03 | N/A |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | ||||