Export limit exceeded: 365294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 15504 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4713 1 Pam Mysql 1 Pam Mysql 2026-04-16 N/A
Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.
CVE-2005-0857 1 Coolforum 1 Coolforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.
CVE-2005-0858 1 Coolforum 1 Coolforum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.
CVE-2005-0859 1 Czaries Network 1 Czarnews 2026-04-16 N/A
PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php. NOTE: some sources have reported the "dir" parameter as being affected; however, this is likely a cut-and-paste error from the wrong section of the original vulnerability report. Also, the news.php version was later reported to be in 1.12 through 1.14.
CVE-2005-0863 1 Phpopenchat 1 Phpopenchat 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.
CVE-2005-0864 1 Securecomputing 1 Samsung Adsl Modem 2026-04-16 N/A
The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.
CVE-2005-0870 1 Phpsysinfo 1 Phpsysinfo 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVE-2005-0871 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.
CVE-2005-3722 1 Hitachi 1 Ip5000 Voip Wifi Phone 2026-04-16 N/A
The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.
CVE-2005-0880 1 Vortex Portal 1 Vortex Portal 2026-04-16 N/A
content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message.
CVE-2005-0890 1 Dream4 1 Koobi Cms 2026-04-16 N/A
SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter.
CVE-2005-0899 1 Ibm 1 Os 400 2026-04-16 N/A
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
CVE-2005-0901 1 Nukebookmarks 1 Nukebookmarks 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter.
CVE-2005-0906 3 Instance Four, Sacred, Ubi Soft 3 Tincat, Sacred, The Settlersheritage Of Kings 2026-04-16 N/A
Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code.
CVE-2005-3723 1 Hitachi 1 Ip5000 Voip Wifi Phone 2026-04-16 N/A
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access the Unidata Shell to obtain sensitive information or cause a denial of service.
CVE-2005-0907 1 Valdersoft 1 Shopping Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
CVE-2005-0916 1 Linux 1 Linux Kernel 2026-04-16 N/A
AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.
CVE-2005-3724 1 Zyxel 2 P2000w Version 1 Voip Wifi Phone, Prestige 2000w V.1voip Wi-fi Phone 2026-04-16 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
CVE-2005-0918 2 Adobe, Microsoft 2 Svg Viewer, Internet Explorer 2026-04-16 N/A
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
CVE-2005-0925 1 Uapplication 1 Ublog Reload 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.