Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0691 2 Redhat, Trolltech 2 Enterprise Linux, Qt 2026-04-16 N/A
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
CVE-2005-1964 1 Cantico 1 Ovidentia 2026-04-16 N/A
PHP remote file inclusion vulnerability in utilit.php for Ovidentia Portal allows remote attackers to execute arbitrary PHP code via the babInstallPath parameter.
CVE-2005-2011 1 Php Arena 1 Pafaq 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action.
CVE-2005-1966 1 E107 1 E107 2026-04-16 N/A
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter.
CVE-2005-2021 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
CVE-2004-2014 2 Gnu, Redhat 2 Wget, Enterprise Linux 2026-04-16 N/A
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.
CVE-2005-1968 1 Early Impact 1 Productcart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce before 2.7 allows remote attackers to inject arbitrary web script or HTML via the error parameter to techErr.asp.
CVE-2005-1970 1 Symantec 1 Pcanywhere 2026-04-16 N/A
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
CVE-2005-1983 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
CVE-2005-1988 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
CVE-2005-2023 1 Suse 1 Suse Linux 2026-04-16 N/A
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
CVE-1999-1447 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.
CVE-2005-2024 1 Vipul 1 Razor-agents 2026-04-16 N/A
Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.
CVE-2005-2027 1 Enterasys 1 Vertical Horizon-2402s 2026-04-16 N/A
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
CVE-2005-2029 1 Amarok 1 Web Frontend 2026-04-16 N/A
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
CVE-2005-1997 1 Mcgallery 1 Mcgallery 2026-04-16 N/A
show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter.
CVE-2000-0012 1 Hughes 1 Msql 2026-04-16 N/A
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
CVE-2005-2030 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
CVE-2005-2037 1 Fortibus 1 Fortibus Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page.
CVE-2005-2038 1 Fortibus 1 Fortibus Cms 2026-04-16 N/A
Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page.