Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1613 1 Openbb 1 Openbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
CVE-2005-1614 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
CVE-2005-1616 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to obtain sensitive information via an invalid (1) id or possibly (2) postorder parameter, which reveals the path in an error message when a file can not be opened.
CVE-2005-1617 1 Willings 2 Webcam, Webcam Lite 2026-04-16 N/A
Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information.
CVE-2005-1618 1 Yahoo 1 Messenger 2026-04-16 N/A
The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows remote attackers to cause a denial of service (disconnect) via a room login or a room join request packet with a third : (colon) and an & (ampersand), which causes Messenger to send a corrupted packet to the server, which triggers a disconnect from the server.
CVE-2005-1620 1 Soren Boysen 1 Skull-splitter Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook 1.0, 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.
CVE-2005-1621 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.
CVE-2005-1622 1 Metalinks 1 Metacart E-shop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter.
CVE-2005-1625 2 Adobe, Redhat 2 Acrobat Reader, Rhel Extras 2026-04-16 N/A
Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag.
CVE-2005-1626 1 Pico Server 1 Pico Server 2026-04-16 N/A
Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code.
CVE-2005-1627 1 Viewglob 1 Viewglob 2026-04-16 N/A
Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact.
CVE-2005-1629 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter.
CVE-2005-2184 1 Emc 1 Eroom 2026-04-16 N/A
eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file.
CVE-2005-2185 1 Emc 1 Eroom 2026-04-16 N/A
eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks.
CVE-2005-2187 1 Mcafee 1 Intrushield Security Management System 2026-04-16 N/A
McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp.
CVE-2005-2189 1 Lantronix 1 Securelinx 2026-04-16 N/A
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
CVE-2005-2192 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
CVE-2005-2193 1 Punbb 1 Punbb 2026-04-16 N/A
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.
CVE-2005-2195 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
CVE-2005-2197 1 Id Board 1 Id Board 2026-04-16 N/A
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.