Export limit exceeded: 363676 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363676 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3111 1 Debian 1 Backupninja 2026-04-16 N/A
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
CVE-2005-3112 1 Macromedia 1 Breeze 2026-04-16 N/A
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
CVE-2005-0655 1 Arif Supriyanto 1 Auracms 2026-04-16 N/A
auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.
CVE-2005-3113 1 Nateon 1 Nateon Messenger 2026-04-16 N/A
The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method.
CVE-2005-0656 1 Arif Supriyanto 1 Auracms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php.
CVE-2005-3114 1 Nateon 1 Nateon Messenger 2026-04-16 N/A
Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method.
CVE-2005-0657 1 Computalynx 1 Cproxy 2026-04-16 N/A
Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP request.
CVE-2005-3115 1 Mpeg-tools 1 Mpeg-tools 2026-04-16 N/A
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
CVE-2005-3653 2 Broadcom, Ca 34 Brightstor Arcserve Backup, Brightstor Arcserve Backup Laptops Desktops, Brightstor Portal and 31 more 2026-04-16 N/A
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVE-2005-3116 1 Symantec Veritas 1 Netbackup 2026-04-16 N/A
Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2005-0660 1 Adalis 1 D-forum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.
CVE-2005-3118 1 William Stearns 1 Mason 2026-04-16 N/A
Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.
CVE-2004-2091 1 Microsoft 1 Baseline Security Analyzer 2026-04-16 N/A
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
CVE-2005-2963 1 Mod Auth Shadow 1 Mod Auth Shadow 2026-04-16 N/A
The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions.
CVE-2005-2969 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Network Satellite and 1 more 2026-04-16 N/A
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
CVE-2005-3511 1 Spymac 1 Spymac Web Os 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action.
CVE-2005-3768 1 Symantec 10 Enterprise Firewall, Firewall Vpn Appliance 100, Firewall Vpn Appliance 200 and 7 more 2026-04-16 N/A
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
CVE-2004-1946 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
CVE-2005-2978 2 Netpbm, Redhat 2 Netpbm, Enterprise Linux 2026-04-16 N/A
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack.
CVE-2005-2986 1 Ahnlab 3 V3 Virusblock 2005, V3net, V3pro 2004 2026-04-16 N/A
The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges.