Search Results (363775 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-0117 1 Ibm 1 Aix 2026-04-16 N/A
AIX passwd allows local users to gain root access.
CVE-2005-1636 3 Mysql, Oracle, Redhat 3 Mysql, Mysql, Enterprise Linux 2026-04-16 N/A
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
CVE-2005-1638 1 Pixel-apes Group 1 Safehtml 2026-04-16 N/A
The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection.
CVE-2005-1646 1 Fastream 1 Netfile Ftp Web Server 2026-04-16 N/A
The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.
CVE-2005-1647 1 Gurgens 1 Gurgens Guest Book 2026-04-16 N/A
Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
CVE-2001-1239 1 Connect Inc. 1 Powernet Ix 2026-04-16 N/A
PowerNet IX allows remote attackers to cause a denial of service via a port scan.
CVE-2005-1649 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, with Windows Firewall turned off, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the SYN flag set and the same destination and source address and port, a variant of CVE-2005-0688 and a reoccurrence of the "Land" vulnerability (CVE-1999-0016).
CVE-2005-1653 1 Woppoware 1 Postmaster 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2005-1664 1 Microsoft 1 Asp.net 2026-04-16 N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
CVE-2006-1673 1 Jelsoft 1 Vbug Tracker 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter.
CVE-2005-1673 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.
CVE-1999-0129 7 Bsdi, Eric Allman, Freebsd and 4 more 9 Bsd Os, Sendmail, Freebsd and 6 more 2026-04-16 N/A
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
CVE-2005-1674 1 Helpcenterlive 1 Help Center Live 2026-04-16 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.
CVE-1999-0136 1 Sun 1 Sunos 2026-04-16 N/A
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
CVE-2005-1682 1 Solstice 1 Solstice Internet Mail Server 2026-04-16 N/A
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2005-1683 1 Microsoft 1 Word 2026-04-16 N/A
Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
CVE-2005-1685 1 Episodex 1 Episodex Guestbook 2026-04-16 N/A
episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp.
CVE-2005-1686 2 Gnome, Redhat 2 Gedit, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2005-1687 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
CVE-2005-1688 1 Wordpress 1 Wordpress 2026-04-16 5.3 Medium
Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in an error message.