Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1603 1 Niteenterprises 1 Remote File Manager 2026-04-16 N/A
NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080.
CVE-2005-3676 1 Phpwebthings 1 Phpwebthings 2026-04-16 N/A
SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.
CVE-2005-1320 1 Horde 1 Mnemo 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-2877 1 Twiki 1 Twiki 2026-04-16 N/A
The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers.
CVE-2004-1571 1 Aj-fork 1 Aj-fork 2026-04-16 N/A
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.
CVE-2005-3677 1 Realnetworks 1 Realplayer 2026-04-16 N/A
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different.
CVE-2005-4153 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
CVE-2002-1168 1 Ibm 1 Websphere Caching Proxy Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to execute script as other users via an HTTP request that contains an Location: header with a "%0a%0d" (CRLF) sequence, which echoes the Location as an HTTP header in the server response.
CVE-2005-2879 1 Advansysperu Software 1 Usb Lock Auto-protect 2026-04-16 N/A
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
CVE-2005-3680 1 Xoops 1 Xoops 2026-04-16 N/A
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
CVE-2005-4389 1 Contens 1 Contens 2026-04-16 N/A
search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
CVE-2005-2884 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event.
CVE-2005-4629 1 Smbcms 1 Smbcms 2026-04-16 N/A
SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters.
CVE-2005-1626 1 Pico Server 1 Pico Server 2026-04-16 N/A
Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.
CVE-2005-3681 1 Xoops 1 Wf-downloads 2026-04-16 N/A
SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.
CVE-2005-4391 1 Mindroute Software 1 Damoon 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter.
CVE-2005-3687 1 Whm Autopilot 1 Whm Autopilot 2026-04-16 N/A
cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter.
CVE-2005-1648 1 Gurgens 1 Gurgens Ultimate Forum 2026-04-16 N/A
Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
CVE-2005-1662 1 Jeuce 1 Jeuce Personal Web Server 2026-04-16 N/A
Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2002-1182 1 Microsoft 1 Internet Information Services 2026-04-16 N/A
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.