Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3146 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2026-04-16 | N/A |
| StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2005-1109 | 1 Junkbuster | 1 Internet Junkbuster | 2026-04-16 | N/A |
| The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. | ||||
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2026-04-16 | N/A |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | ||||
| CVE-2005-3147 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2026-04-16 | N/A |
| StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information. | ||||
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | ||||
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2026-04-16 | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | ||||
| CVE-2005-3148 | 2 Storebackup, Suse | 2 Storebackup, Suse Linux | 2026-04-16 | N/A |
| StoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by storeBackup.pl, or (2) recovered by storeBackupRecover.pl, which could cause files to be restored with incorrect ownership. | ||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-1141 | 1 Optical Character Recognition Project | 1 Optical Character Recognition | 2026-04-16 | 9.8 Critical |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | ||||
| CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. | ||||
| CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146 | ||||
| CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145 | ||||
| CVE-2005-1147 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. | ||||
| CVE-2005-1148 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | ||||
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2026-04-16 | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | ||||
| CVE-2005-1153 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | ||||
| CVE-2005-1154 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | ||||
| CVE-2005-1155 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | ||||