Export limit exceeded: 363296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1571 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts. | ||||
| CVE-2005-1572 | 1 Wenig And Spitzer-williams | 1 Showoff Digital Media Software | 2026-04-16 | N/A |
| ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083. | ||||
| CVE-2005-1573 | 1 Darrel Oneil | 1 Asp Virtual News Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2005-1574 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled. | ||||
| CVE-2005-1576 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files. | ||||
| CVE-2005-1577 | 1 Apg Technology | 1 Classmaster | 2026-04-16 | N/A |
| APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share. | ||||
| CVE-2005-1578 | 1 Guidance Software | 1 Encase | 2026-04-16 | N/A |
| EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection. | ||||
| CVE-2005-1579 | 1 Apple | 1 Quicktime | 2026-04-16 | N/A |
| Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. | ||||
| CVE-2005-1580 | 1 Boastmachine | 1 Boastmachine | 2026-04-16 | N/A |
| users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-1581 | 1 Eric Fichot | 1 Bug Report | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php. | ||||
| CVE-2005-1582 | 1 1two | 1 1two News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables. | ||||
| CVE-2005-1583 | 1 1two | 1 1two News | 2026-04-16 | N/A |
| 1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. | ||||
| CVE-2005-1585 | 1 Open Solution | 1 Quick.forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | ||||
| CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2026-04-16 | N/A |
| Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | ||||
| CVE-2005-1587 | 1 Open Solution | 1 Quick.cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | ||||
| CVE-2005-1605 | 1 Positive Software | 1 Sitestudio | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere. | ||||
| CVE-2005-1606 | 1 Positive Software | 1 H-sphere Winbox | 2026-04-16 | N/A |
| H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. | ||||
| CVE-2005-1607 | 1 Remote Cart | 1 Remote Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters. | ||||
| CVE-2005-1608 | 1 Spidean | 2 At-lite, Autotheme | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact. | ||||
| CVE-2005-1609 | 1 Sun | 1 Storedge 6130 Arrays | 2026-04-16 | N/A |
| Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. | ||||