Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3390 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Stronghold and 1 more 2026-04-16 N/A
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
CVE-2005-3391 1 Php 1 Php 2026-04-16 N/A
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
CVE-2005-3394 1 Oaboard 1 Oaboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.
CVE-2005-3395 1 Invision Power Services 1 Invision Gallery 2026-04-16 N/A
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-3396 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
CVE-2005-3415 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.
CVE-2005-3416 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.
CVE-2005-3417 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.
CVE-2005-3419 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
CVE-2005-3420 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
CVE-2005-3421 1 Hyper Estraier 1 Hyper Estraier 2026-04-16 N/A
estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.
CVE-2005-3422 1 10-4 Aps 1 Asp Fast Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2005-3423 1 Subdreamer 1 Subdreamer 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.
CVE-2005-3424 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.
CVE-2005-3425 1 Gnu 1 Gnump3d 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVE-2005-3426 1 Cisco 1 Content Services Switch 11500 2026-04-16 N/A
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
CVE-2005-3988 1 Pineapple Technologies 1 Lore 2026-04-16 N/A
SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-3989 1 Avaya 1 Tn2602ap Ip Media Resource 320 Circuit Pack 2026-04-16 N/A
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets.
CVE-2005-3991 1 Phpheaven 1 Phpmychat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php.
CVE-2005-3992 1 Wineggdropshell 1 Wineggdropshell 2026-04-16 N/A
Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server.