Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0327 1 Php Arena 1 Pafiledb 2026-04-16 N/A
pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.
CVE-2006-0411 1 Claroline 1 Claroline 2026-04-16 N/A
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
CVE-2005-0328 2 Netgear, Zyxel 3 Rt311, Rt314, Prestige 2026-04-16 N/A
Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.
CVE-2005-0329 1 Zipgenius 1 Zipgenius 2026-04-16 N/A
Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences.
CVE-2005-0330 1 People Can Fly 1 Painkiller 2026-04-16 N/A
Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.
CVE-2005-0331 1 Rarlab 1 Winrar 2026-04-16 N/A
Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file.
CVE-2005-0334 1 Linksys 1 Psus4 Printserver 2026-04-16 N/A
Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value.
CVE-2006-0414 1 Tor 1 Tor 2026-04-16 N/A
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.
CVE-2005-0337 3 Redhat, Suse, Wietse Venema 4 Enterprise Linux, Enterprise Linux Desktop, Suse Linux and 1 more 2026-04-16 N/A
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
CVE-2005-0344 1 Software602 1 602lan Suite 2026-04-16 N/A
Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2005-0353 1 Safenet 1 Sentinel License Manager 2026-04-16 N/A
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
CVE-2005-0434 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
CVE-2005-0435 1 Awstats 1 Awstats 2026-04-16 N/A
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
CVE-2006-0436 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
CVE-2006-2698 1 Geeklog 1 Geeklog 2026-04-16 N/A
Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the full installation path via a direct request and possibly invalid arguments to (1) layout/professional/functions.php or (2) getimage.php.
CVE-2005-0436 1 Awstats 1 Awstats 2026-04-16 N/A
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.
CVE-2005-0437 1 Awstats 1 Awstats 2026-04-16 N/A
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.
CVE-2006-0437 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via Javascript events such as "onmouseover" in the (1) smile_url or (2) smile_emotion parameters, which bypasses a check for "<" and ">" characters.
CVE-2005-0438 1 Awstats 1 Awstats 2026-04-16 N/A
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.
CVE-2006-2699 1 Geeklog 1 Geeklog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog 1.4.0sr2 and earlier allows remote attackers to inject arbitrary HTML or web script via the image argument in a show action.