Search Results (365311 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0685 1 Outstart 1 Participate Enterprise 2026-04-16 N/A
Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands.
CVE-2005-3696 1 Arki-db 1 Arki-db 2026-04-16 N/A
SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php.
CVE-2005-4712 1 Php Handicapper 1 Php Handicapper 2026-04-16 N/A
CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well.
CVE-2005-0691 1 Socialmpn 1 Socialmpn 2026-04-16 N/A
PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code.
CVE-1999-0368 7 Caldera, Debian, Proftpd Project and 4 more 8 Openlinux, Debian Linux, Proftpd and 5 more 2026-04-16 N/A
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
CVE-1999-1448 1 Qualcomm 2 Eudora, Eudora Light 2026-04-16 N/A
Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault.
CVE-2005-0700 1 Aztek Forum 1 Aztek Forum 2026-04-16 N/A
The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie.
CVE-2005-3701 1 Apple 1 Mac Os X Server 2026-04-16 N/A
Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors.
CVE-2005-3710 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
CVE-2005-0703 1 Xerox 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more 2026-04-16 N/A
Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179.
CVE-2005-0718 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (segmentation fault) by aborting the connection during a (1) PUT or (2) POST request, which causes Squid to access previously freed memory.
CVE-2005-0724 1 Php Arena 1 Pafiledb 2026-04-16 N/A
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.
CVE-1999-0369 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
CVE-2005-0733 1 Py Software 1 Active Webcam 2026-04-16 N/A
PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.
CVE-1999-0379 1 Microsoft 1 Backoffice Resource Kit 2026-04-16 N/A
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
CVE-2005-0738 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
CVE-2005-0739 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
CVE-1999-0388 1 Datalynx 1 Suguard 2026-04-16 N/A
DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
CVE-1999-1456 1 Thttpd 1 Thttpd Http Server 2026-04-16 N/A
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
CVE-2005-0742 1 Sun 1 Java System Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.