Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1125 1 Avaya 1 Libsafe 2026-04-16 N/A
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
CVE-2005-1127 1 Postgrey 1 Postgrey 2026-04-16 N/A
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
CVE-2005-1128 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
CVE-2005-1129 1 Egroupware 1 Egroupware 2026-04-16 N/A
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
CVE-2005-1130 1 Desert Dog Software 1 Pinnacle Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter.
CVE-2005-1131 1 Symantec Veritas 1 I3 Focalpoint Server 2026-04-16 N/A
Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.
CVE-2005-1132 1 Lg Electronics 1 Lg Mobile Phone 2026-04-16 N/A
LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.
CVE-2005-1133 1 Ibm 1 Iseries As 400 2026-04-16 N/A
The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.
CVE-2005-1134 1 S9y 1 Serendipity 2026-04-16 N/A
SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters.
CVE-2005-1136 1 Sphpblog 1 Sphpblog 2026-04-16 N/A
Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.
CVE-2005-1137 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.
CVE-2005-1138 1 Kerio 1 Kerio Mailserver 2026-04-16 N/A
Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.
CVE-2005-1140 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the comments.
CVE-2005-1142 1 Gocr 1 Optical Character Recognition Utility 2026-04-16 N/A
Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values.
CVE-2005-1143 1 Easyphpcalendar 1 Easyphpcalendar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter.
CVE-2005-1145 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146
CVE-2005-1146 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145
CVE-2005-1147 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information.
CVE-2005-1148 1 Calendarscript 1 Calendarscript 2026-04-16 N/A
calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.
CVE-2005-1149 1 Acnews 1 Acnews 2026-04-16 N/A
SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.