Search Results (363425 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1320 1 Horde 1 Mnemo 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1346 1 Symantec 7 Antivirus Scan Engine, Mail Security, Norton Antivirus and 4 more 2026-04-16 N/A
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.
CVE-2005-3205 1 Oracle 1 Database Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table.
CVE-2005-3844 1 Phpwordpress 1 Php News And Article Manager 2026-04-16 N/A
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
CVE-2005-1370 1 Hp 1 Openview Radia Management Portal 2026-04-16 N/A
Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.
CVE-2005-4066 1 Christian Ghisler 1 Total Commander 2026-04-16 N/A
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm.
CVE-2005-1371 1 Bulletproof 1 Bulletproof Ftp Server 2026-04-16 N/A
BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges.
CVE-2005-3220 1 Norman 1 Virus Control Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Norman Virus Control Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-1372 1 Bakbone 1 Netvault 2026-04-16 N/A
nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.
CVE-2005-3227 1 Una 1 Una Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of UNA Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-1373 1 Dream4 1 Koobi Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.
CVE-2005-1374 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
CVE-2005-1375 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
CVE-2005-1377 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
CVE-2005-0673 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.
CVE-2005-3121 1 Eduard Bloch 1 Module-assistant 2026-04-16 N/A
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
CVE-2005-0706 2 Grip, Redhat 2 Grip, Enterprise Linux 2026-04-16 N/A
Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.
CVE-2005-3124 1 Acme Labs 1 Thttpd 2026-04-16 N/A
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
CVE-2005-3126 1 Antiword 1 Antiword 2026-04-16 N/A
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.
CVE-2005-3127 1 Lucidcms 1 Lucidcms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.