Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0635 1 Foxmail 1 Foxmail Email Server 2026-04-16 N/A
Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.
CVE-2005-0798 1 Novell 1 Ichain 2026-04-16 N/A
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
CVE-2005-0799 1 Oracle 1 Mysql 2026-04-16 N/A
MySQL 4.1.9, and possibly earlier versions, allows remote attackers with certain privileges to cause a denial of service (application crash) via a use command followed by an MS-DOS device name such as (1) LPT1 or (2) PRN.
CVE-2005-0847 1 Code Ocean 1 Ocean Ftp Server 2026-04-16 N/A
Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections.
CVE-2005-0818 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
CVE-2005-0819 1 Novell 1 Netware 2026-04-16 N/A
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
CVE-2005-0820 1 Microsoft 1 Office Infopath 2026-04-16 N/A
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
CVE-2005-0828 3 Ciamos, E-xoops, Runcms 3 Ciamos, E-xoops, Runcms 2026-04-16 N/A
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
CVE-2005-1178 1 Oracle 1 Forms 2026-04-16 N/A
SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.
CVE-2005-0830 1 Xzabite 1 Dyndnsupdate 2026-04-16 N/A
Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.
CVE-2005-0831 1 Php-post 1 Php-post Web Forum 2026-04-16 N/A
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
CVE-2005-0853 1 Betaparticle 1 Betaparticle Blog 2026-04-16 N/A
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
CVE-2005-0854 1 Betaparticle 1 Betaparticle Blog 2026-04-16 N/A
betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
CVE-2005-0867 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.
CVE-2005-0868 4 Bosanova, Ibm, Mochasoft and 1 more 4 Launcher400, Client Access, Tn5250 and 1 more 2026-04-16 N/A
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
CVE-2005-0869 1 Phpsysinfo 1 Phpsysinfo 2026-04-16 N/A
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
CVE-2005-0870 1 Phpsysinfo 1 Phpsysinfo 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVE-2005-0887 1 Michael Dean 1 Double Choco Latte 2026-04-16 N/A
Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement.
CVE-2005-0888 1 Michael Dean 1 Double Choco Latte 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
CVE-2005-0890 1 Dream4 1 Koobi Cms 2026-04-16 N/A
SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter.