Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-1510 1 Microsoft 1 .net Framework 2026-04-16 N/A
Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll system library, when used by the ILDASM disassembler in the Microsoft .NET 1.0 and 1.1 SDK, might allow user-assisted attackers to execute arbitrary code via a crafted .dll file with a large static method.
CVE-2005-1135 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-1138 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
CVE-2005-1186 1 Musicmatch 1 Jukebox 2026-04-16 N/A
Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.
CVE-2002-0532 1 Emumail 3 Emumail, Emumail Red Hat Linux, Emumail Unix 2026-04-16 N/A
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
CVE-2005-1164 1 Yager Development 1 Yager Game 2026-04-16 N/A
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.
CVE-2005-1168 1 Musicmatch 1 Jukebox 2026-04-16 N/A
DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument.
CVE-2005-1169 1 Mafia 1 Mafia Blog 2026-04-16 N/A
Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.
CVE-2005-1291 1 Cartwiz 1 Asp Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
CVE-2005-1301 1 Nprotect 1 Netizen 2026-04-16 N/A
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
CVE-2005-1305 1 Hyper.cgi 1 Hyper.cgi 2026-04-16 N/A
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2005-1315 1 Horde 1 Turba 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1344 1 Apache 1 Http Server 2026-04-16 N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2005-1358 1 Text.cgi 1 Text.cgi 2026-04-16 N/A
text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2005-2316 1 Dnrd 1 Dnrd 2026-04-16 N/A
Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer).
CVE-2005-2338 1 Xoops 1 Xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.
CVE-2005-2339 1 Msearch 1 Unicode Msearch 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2005-2357 1 Emc 1 Navisphere Manager 2026-04-16 N/A
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2005-2457 1 Linux 1 Linux Kernel 2026-04-16 N/A
The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.
CVE-2005-2458 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".