Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1647 1 Gurgens 1 Gurgens Guest Book 2026-04-16 N/A
Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
CVE-2005-1648 1 Gurgens 1 Gurgens Ultimate Forum 2026-04-16 N/A
Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords.
CVE-2005-1665 1 Microsoft 1 Asp.net 2026-04-16 N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
CVE-2005-1667 1 Datatrac 1 Activity Console 2026-04-16 N/A
DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.
CVE-2005-1670 1 Extremenetworks 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos 2026-04-16 N/A
Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.
CVE-2005-1671 1 Yahoo 1 Messenger 2026-04-16 N/A
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
CVE-2005-1673 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.
CVE-2005-1675 1 Groove 2 Groove Workspace, Virtual Office 2026-04-16 N/A
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information.
CVE-2005-1676 1 Groove 2 Groove Workspace, Virtual Office 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
CVE-2005-1677 1 Groove 2 Groove Workspace, Virtual Office 2026-04-16 N/A
Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects.
CVE-2005-1678 1 Groove 2 Groove Workspace, Virtual Office 2026-04-16 N/A
Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code.
CVE-2005-1679 1 Timo Rossi 1 Picasm 2026-04-16 N/A
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.
CVE-2005-1681 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
PHP remote file inclusion vulnerability in common.php in phpATM 1.21, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via a URL in the include_location parameter to index.php.
CVE-2005-1683 1 Microsoft 1 Word 2026-04-16 N/A
Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
CVE-2005-1684 1 Episodex 1 Episodex Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields.
CVE-2005-1686 2 Gnome, Redhat 2 Gedit, Enterprise Linux 2026-04-16 N/A
Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.
CVE-2005-1687 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter.
CVE-2005-1691 1 Sap 1 Sap R 3 2026-04-16 N/A
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request.
CVE-2005-1692 1 Xine 1 Gxine 2026-04-16 N/A
Format string vulnerability in gxine 0.4.1 through 0.4.4, and other versions down to 0.3, allows remote attackers to execute arbitrary code via a ram file with a URL whose hostname contains format string specifiers.
CVE-2005-1694 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia module in PostNuke 0.750 allow remote attackers to execute arbitrary SQL commands via the (1) name or (2) module parameter.