Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0249 | 1 Symantec | 11 Antivirus Scan Engine, Brightmail Antispam, Client Security and 8 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | ||||
| CVE-2005-0250 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | ||||
| CVE-2005-0264 | 1 Owl | 1 Owl Intranet Engine | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter. | ||||
| CVE-2005-0255 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2026-04-16 | N/A |
| String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | ||||
| CVE-2005-0258 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter. | ||||
| CVE-2005-0259 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file. | ||||
| CVE-2005-0260 | 1 Broadcom | 1 Brightstor Arcserve Backup | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call. | ||||
| CVE-2005-0261 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files. | ||||
| CVE-2005-0262 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. | ||||
| CVE-2005-0266 | 1 Sugarcrm | 1 Sugarcrm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. | ||||
| CVE-2005-0267 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | ||||
| CVE-2005-0268 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | ||||
| CVE-2005-0333 | 1 Lanchat Pro Revival | 1 Lanchat Pro Revival | 2026-04-16 | N/A |
| LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet. | ||||
| CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2026-04-16 | N/A |
| SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | ||||
| CVE-2005-0285 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | ||||
| CVE-2005-0286 | 1 Emotion | 1 Mediapartner Web Server | 2026-04-16 | N/A |
| eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file. | ||||
| CVE-2005-0287 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values. | ||||
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | ||||
| CVE-2005-0290 | 1 Netgear | 1 Fvs318 | 2026-04-16 | N/A |
| NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | ||||
| CVE-2005-0291 | 1 Netgear | 1 Fvs318 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | ||||