Export limit exceeded: 363296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1571 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
CVE-2005-1572 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.
CVE-2005-1573 1 Darrel Oneil 1 Asp Virtual News Manager 2026-04-16 N/A
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2005-1574 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
CVE-2005-1576 1 Mozilla 1 Firefox 2026-04-16 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.
CVE-2005-1577 1 Apg Technology 1 Classmaster 2026-04-16 N/A
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.
CVE-2005-1578 1 Guidance Software 1 Encase 2026-04-16 N/A
EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.
CVE-2005-1579 1 Apple 1 Quicktime 2026-04-16 N/A
Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.
CVE-2005-1580 1 Boastmachine 1 Boastmachine 2026-04-16 N/A
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.
CVE-2005-1581 1 Eric Fichot 1 Bug Report 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.
CVE-2005-1582 1 1two 1 1two News 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.
CVE-2005-1583 1 1two 1 1two News 2026-04-16 N/A
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
CVE-2005-1585 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.
CVE-2005-1586 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.
CVE-2005-1587 1 Open Solution 1 Quick.cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.
CVE-2005-1605 1 Positive Software 1 Sitestudio 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
CVE-2005-1606 1 Positive Software 1 H-sphere Winbox 2026-04-16 N/A
H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges.
CVE-2005-1607 1 Remote Cart 1 Remote Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
CVE-2005-1608 1 Spidean 2 At-lite, Autotheme 2026-04-16 N/A
Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact.
CVE-2005-1609 1 Sun 1 Storedge 6130 Arrays 2026-04-16 N/A
Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data.