Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2180 1 Gnu 1 Gnats 2026-04-16 N/A
gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files.
CVE-2002-1417 1 Novell 2 Netware, Small Business Suite 2026-04-16 N/A
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.
CVE-2005-2199 1 Skrypty 1 Ppa Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
CVE-2005-2201 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVE-2005-2202 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2208 1 Privashare 1 Privashare 2026-04-16 N/A
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2005-2215 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
CVE-2005-2216 1 Photogal 1 Photogal Photo Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.
CVE-2005-2218 1 Freebsd 1 Freebsd 2026-04-16 N/A
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.
CVE-2005-2225 1 Microsoft 1 Msn Messenger Service 2026-04-16 N/A
Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers.
CVE-2002-1434 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Web mail module of Kerio MailServer 5.0 allow remote attackers to execute HTML script as other users via certain URLs.
CVE-2005-2230 1 Elmo 1 Elmo 2026-04-16 N/A
Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files.
CVE-2000-1135 1 Debian 1 Debian Linux 2026-04-16 N/A
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
CVE-2005-2240 1 Xpvm 1 Xpvm 2026-04-16 N/A
xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file.
CVE-2005-2243 1 Cisco 1 Call Manager 2026-04-16 N/A
Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1, when Multi Level Admin (MLA) is enabled, allows remote attackers to cause a denial of service (memory consumption) via a large number of Admin Service Tool (AST) logins that fail.
CVE-2005-2244 1 Cisco 1 Call Manager 2026-04-16 N/A
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
CVE-2001-1514 1 Macromedia 1 Coldfusion 2026-04-16 N/A
ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.
CVE-2005-2245 1 F5 1 Tmos 2026-04-16 N/A
Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers to "subvert the authentication of SSL transactions," via unknown attack vectors, possibly involving NATIVE ciphers.
CVE-2002-1445 1 W3c 1 Cern Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.
CVE-2005-2252 1 Gianluca Baldo 1 Phpauction 2026-04-16 N/A
PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.