Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2713 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
CVE-2005-2715 1 Symantec Veritas 2 Netbackup Data And Business Center, Netbackup Enterprise Server Client 2026-04-16 N/A
Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command.
CVE-2005-2716 1 Nokia 1 Affix 2026-04-16 N/A
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
CVE-2006-1963 1 Pcpin 1 Pcpin Chat 2026-04-16 N/A
Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and earlier allows remote authenticated users to include and execute arbitrary PHP code via a ".." (dot dot) in a language cookie, as demonstrated by uploading then accessing a smiliefile image that actually contains PHP code.
CVE-2005-2717 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts.
CVE-2005-2718 1 Mplayer 1 Mplayer 2026-04-16 N/A
Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk.
CVE-2006-1964 1 Aspsitem 1 Aspsitem 2026-04-16 N/A
SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-4494 1 Microsoft 1 Visual Studio 2026-04-16 N/A
Microsoft Visual Studio 6.0 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Visual Studio 6.0 ActiveX COM Objects in Internet Explorer, including (1) tcprops.dll, (2) fp30wec.dll, (3) mdt2db.dll, (4) mdt2qd.dll, and (5) vi30aut.dll.
CVE-2005-2774 1 Lithium Software 1 Lithium Ii Mod 2026-04-16 N/A
Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname.
CVE-2006-2025 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2026-04-16 N/A
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
CVE-2005-2775 1 Phpwebnotes 1 Phpwebnotes 2026-04-16 N/A
php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.
CVE-2005-2776 1 Looking Glass 1 Looking Glass 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php.
CVE-2006-4523 1 2wire Inc 2 Homeportal, Officeportal 2026-04-16 N/A
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
CVE-2005-2777 1 Looking Glass 1 Looking Glass 2026-04-16 N/A
Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field.
CVE-2005-2778 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter.
CVE-2005-2779 1 Itan Online-banking Security System 1 Itan Online-banking Security System 2026-04-16 N/A
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack.
CVE-2006-2028 1 Simplog 1 Simplog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter. NOTE: this issue might be resultant from directory traversal.
CVE-2005-2780 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.
CVE-2005-2781 1 Ilia Alshanetsky 1 Fudforum 2026-04-16 N/A
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
CVE-2005-2782 1 Autolinks 1 Autolinks 2026-04-16 N/A
PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.