Search Results (363643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1071 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter.
CVE-2001-0807 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.
CVE-2005-1073 1 Radscripts 1 Radbids 2026-04-16 N/A
Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.
CVE-2005-1074 1 Radscripts 1 Radbids 2026-04-16 N/A
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
CVE-2006-1542 2 Python, Redhat 2 Python, Network Satellite 2026-04-16 N/A
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected.
CVE-2002-0400 2 Isc, Redhat 3 Bind, Enterprise Linux, Linux 2026-04-16 N/A
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
CVE-2005-1075 1 Radscripts 1 Radbids 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
CVE-2005-1077 1 Xampp 1 Apache Distribution 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
CVE-2005-1078 1 Xampp 1 Apache Distribution 2026-04-16 N/A
XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges.
CVE-2005-1080 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-16 N/A
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
CVE-2005-1082 1 Azerbaijan Development Group 1 Azdgdating 2026-04-16 N/A
Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php.
CVE-2005-1084 1 Aewebworks 1 Aedating 2026-04-16 N/A
SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter.
CVE-2005-1086 1 An 1 An-httpd 2026-04-16 N/A
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
CVE-2006-1543 1 Vscripts 1 Vnews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) loginvar parameter in (a) admin/admin.php, and the (2) news and (3) nom parameters in (b) news.php.
CVE-2005-1089 1 Dc\+\+ 1 Dc\+\+ 2026-04-16 N/A
Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files.
CVE-2006-1551 1 Georges Auberger 1 Pajax 2026-04-16 N/A
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
CVE-2005-1092 1 Light Speed Technology 1 Deluxeftp 2026-04-16 N/A
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
CVE-2006-1552 1 Apple 4 Imageio, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
CVE-2005-1094 1 Network-client.com 1 Ftp Now 2026-04-16 N/A
FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
CVE-2005-1106 1 Apple 1 Quicktime Pictureviewer 2026-04-16 N/A
PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.