Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1642 1 Woltlab 1 Burning Board 2026-04-16 N/A
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
CVE-2005-1643 1 Jorg Ruppel 1 Zoidcom 2026-04-16 N/A
The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read.
CVE-2004-0684 1 Ibm 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy 2026-04-16 N/A
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
CVE-2005-1644 1 1two 1 Livre D Or 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.
CVE-2005-1645 1 Keyvan1 1 Imagegallery 2026-04-16 N/A
Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2006-0366 1 Phpclanwebsite 1 Phpclanwebsite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag.
CVE-2005-1655 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.
CVE-2005-1702 1 Black Cactus 2 Warrior Kings, Warrior Kings Battles 2026-04-16 N/A
Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname.
CVE-2005-1657 1 Mercur 1 Mercur Messaging 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
CVE-2006-2718 1 Jiwa 1 Financials 2026-04-16 N/A
JIWA Financials 6.4.14 passes a Microsoft SQL Server account's username and password, and the name of a data source, to a Crystal Reports .rpt file, which allows remote authenticated users to execute certain standard stored procedures by referencing them in a user-written .rpt file, as demonstrated by using a stored procedure that provides the username and cleartext password of every account.
CVE-2005-1710 1 Bluecoat 1 Reporter 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page.
CVE-2005-1665 1 Microsoft 1 Asp.net 2026-04-16 N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
CVE-2006-2724 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote authenticated administrators to inject arbitrary HTML or web script to other administrators via the "Admin note" feature, a different vulnerability than CVE-2006-2227.
CVE-2005-1679 1 Timo Rossi 1 Picasm 2026-04-16 N/A
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.
CVE-2006-2726 1 Fastpublish 1 Fastpublish Cms 2026-04-16 N/A
PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the config[fsBase] parameter in (1) drucken.php, (2) drucken2.php, (3) email_an_benutzer.php, (4) rechnung.php, (5) suche/search.php and (6) adminbereich/admin.php.
CVE-2005-1681 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.
CVE-2006-2730 1 Hot Open Tickets 1 Hot Open Tickets 2026-04-16 N/A
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite vulnerability.
CVE-2005-1718 1 Ls Games 1 War Times 2026-04-16 N/A
Buffer overflow in LS Games War Times 1.03 and earlier allows remote attackers to cause a denial of service (server crash) via a long nickname.
CVE-2005-1693 3 Broadcom, Ca, Zonelabs 14 Etrust Antivirus, Etrust Antivirus Ee, Etrust Ez Armor and 11 more 2026-04-16 N/A
Integer overflow in Computer Associates Vet Antivirus library, as used by CA InoculateIT 6.0, eTrust Antivirus r6.0 through 7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, BrightStor ARCserve Backup (BAB) r11.1, Vet Antivirus, Zonelabs ZoneAlarm Security Suite, and ZoneAlarm Antivirus, allows remote attackers to gain privileges via a compressed VBA directory with a project name length of -1, which leads to a heap-based buffer overflow.
CVE-2005-1724 1 Apple 1 Mac Os X Server 2026-04-16 N/A
NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the -network or -mask flags for a filesystem and exports it to everyone, which allows remote attackers to bypass intended access restrictions.