Search Results (363400 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1423 1 Software602 1 602lan Suite 2026-04-16 N/A
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
CVE-2005-3269 1 Sun 4 Java System Directory Proxy Server, Java System Directory Server, One Administration Server and 1 more 2026-04-16 N/A
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
CVE-2005-3667 1 Internet Key Exchange 1 Internet Key Exchange 2026-04-16 N/A
Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate.
CVE-2005-3849 1 Pmwiki 1 Pmwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-4083 1 Phpbb Styles 1 Extreme Styles Phpbb Module 2026-04-16 N/A
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.
CVE-2005-1426 1 Uapplication 1 Ublog 2026-04-16 N/A
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
CVE-2005-1427 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb.
CVE-2005-3987 1 Tradesoft 1 Tradesoft Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors.
CVE-2005-1428 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
CVE-2005-1434 1 Hp 1 Openview Network Node Manager 2026-04-16 N/A
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
CVE-2005-1438 1 Osticket 1 Osticket 2026-04-16 N/A
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
CVE-2005-1441 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).
CVE-2005-3135 1 Virtools 1 Web Player 2026-04-16 N/A
Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.
CVE-2005-1013 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-16 N/A
The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.
CVE-2005-3136 1 Virtools 1 Web Player 2026-04-16 N/A
Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename.
CVE-2005-3137 1 Gnu 1 Cfengine 2026-04-16 N/A
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
CVE-2005-1049 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled.
CVE-2005-3138 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
CVE-2005-1073 1 Radscripts 1 Radbids 2026-04-16 N/A
Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.
CVE-2005-3139 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.