Search Results (363501 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0497 1 Adp 1 Elite System Max 9000 2026-04-16 N/A
ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.
CVE-2005-3055 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVE-2005-3057 1 Fortinet 2 Fortigate, Fortios 2026-04-16 N/A
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.
CVE-2005-0533 1 Trend Micro 15 Client-server-messaging Suite Smb, Client-server Suite Smb, Control Manager and 12 more 2026-04-16 N/A
Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.
CVE-2005-3066 1 Scriptsolutions 1 Perldiver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.
CVE-2005-3076 1 Simplog 1 Simplog 2026-04-16 N/A
Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php.
CVE-2005-0536 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.
CVE-2005-3085 1 Riverdark Studios 1 Rss Syndicator Module 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters.
CVE-2005-3093 1 Nokia 2 3210, 7610 2026-04-16 N/A
Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer.
CVE-2005-0542 1 Cyclades 1 Alterpath Manager 2026-04-16 N/A
saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true.
CVE-2005-3096 1 Avi Alkalay 1 Nslookup.cgi 2026-04-16 N/A
Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter.
CVE-2005-3794 1 Alstrasoft 1 Affiliate Network Pro 2026-04-16 N/A
AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.
CVE-2005-3962 2 Perl, Redhat 2 Perl, Enterprise Linux 2026-04-16 N/A
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
CVE-2005-0562 1 Microsoft 1 Msn Messenger 2026-04-16 N/A
GIF file validation error in MSN Messenger 6.2 allows remote attackers in a user's contact list to execute arbitrary code via a GIF image with an improper height and width.
CVE-2005-0565 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.
CVE-2005-3097 1 Avi Alkalay 1 Contribute.cgi 2026-04-16 N/A
Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable.
CVE-2005-3635 1 Sap 1 Sap Web Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
CVE-2005-3098 1 Qualcomm 1 Qpopper 2026-04-16 N/A
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
CVE-2005-3796 1 Alstrasoft 1 Affiliate Network Pro 2026-04-16 N/A
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
CVE-2005-3971 1 Citrix 2 Metaframe Secure Access Manager, Nfuse 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field.