Export limit exceeded: 47374 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0231 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
CVE-2005-0234 1 Apple 1 Safari 2026-04-16 N/A
The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-0236 1 Omnigroup 1 Omniweb 2026-04-16 N/A
The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-0237 2 Kde, Redhat 3 Kde, Konqueror, Enterprise Linux 2026-04-16 N/A
The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-0238 4 Gnome, Mozilla, Omnigroup and 1 more 5 Epiphany, Camino, Mozilla and 2 more 2026-04-16 N/A
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2005-1072 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML.
CVE-2005-0241 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.
CVE-2005-0242 1 Yahoo 1 Messenger 2026-04-16 N/A
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
CVE-2005-0243 1 Yahoo 1 Messenger 2026-04-16 N/A
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
CVE-2005-0246 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.
CVE-2005-0818 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.
CVE-2005-0819 1 Novell 1 Netware 2026-04-16 N/A
The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.
CVE-2005-0820 1 Microsoft 1 Office Infopath 2026-04-16 N/A
Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
CVE-2005-0828 3 Ciamos, E-xoops, Runcms 3 Ciamos, E-xoops, Runcms 2026-04-16 N/A
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
CVE-2005-1178 1 Oracle 1 Forms 2026-04-16 N/A
SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.
CVE-2005-0830 1 Xzabite 1 Dyndnsupdate 2026-04-16 N/A
Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.
CVE-2005-0831 1 Php-post 1 Php-post Web Forum 2026-04-16 N/A
PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.
CVE-2005-0853 1 Betaparticle 1 Betaparticle Blog 2026-04-16 N/A
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
CVE-2005-0854 1 Betaparticle 1 Betaparticle Blog 2026-04-16 N/A
betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.
CVE-2005-0867 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.