Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2360 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.
CVE-2005-2362 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
CVE-2005-2372 1 Oracle 1 Forms 2026-04-16 N/A
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
CVE-2005-2386 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ 1.20 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2394 1 Cutephp 1 Cutenews 2026-04-16 N/A
show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the full path of the server via an invalid archive parameter.
CVE-2005-2398 1 Php Surveyor 1 Php Surveyor 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows remote attackers to execute arbitrary SQL commands via (1) the sid, start, and id parameters to browse.php, the sid parameter to (2) dataentry.php, (3) export.php, (4) admin.php, (5) conditions.php, (6) spss.php, (7) deletesurvey.php, (8) dumpsurvey.php, or (9) statistics.php, or the lid parameter to (10) labels.php or (11) dumplabel.php.
CVE-2005-2412 1 Php Firstpost 1 Php Firstpost 2026-04-16 N/A
PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.
CVE-2005-2413 1 Atomic Photo Album 1 Atomic Photo Album 2026-04-16 N/A
PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter.
CVE-2005-2419 1 Eci Telecom 1 B-focus Router 2026-04-16 N/A
B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
CVE-2005-2423 1 Beehive Forum 1 Beehive Forum 2026-04-16 N/A
Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message.
CVE-2005-2428 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.
CVE-2005-2431 1 Gforge 1 Gforge 2026-04-16 N/A
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).
CVE-2005-2441 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
CVE-2005-2442 1 Spi Dynamics 1 Webinspect 2026-04-16 N/A
Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another.
CVE-2005-2450 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
CVE-2005-2451 1 Cisco 2 Ios, Ios Xr 2026-04-16 N/A
Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.
CVE-2005-2453 1 Networkactiv 1 Networkactiv Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2005-2471 2 Netpbm, Redhat 2 Netpbm, Enterprise Linux 2026-04-16 N/A
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
CVE-2002-1488 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.
CVE-2005-2472 1 Netcplus 1 Businessmail 2026-04-16 N/A
Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.