Export limit exceeded: 365366 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365366 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0009 1 Microsoft 2 Office, Works 2026-04-16 N/A
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
CVE-2005-1054 1 Moderngigabyte 1 Modernbill 2026-04-16 N/A
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.
CVE-2005-1061 2 Logwatch, Redhat 3 Logwatch, Enterprise Linux, Linux Advanced Workstation 2026-04-16 N/A
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."
CVE-2005-1062 1 Kerio 3 Kerio Mailserver, Personal Firewall, Winroute Firewall 2026-04-16 N/A
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
CVE-2005-1063 1 Kerio 3 Kerio Mailserver, Personal Firewall, Winroute Firewall 2026-04-16 N/A
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."
CVE-2005-1074 1 Radscripts 1 Radbids 2026-04-16 N/A
SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.
CVE-2005-1076 1 Webct 1 Webct 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.
CVE-2005-1077 1 Xampp 1 Apache Distribution 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php.
CVE-2005-1079 1 Mike De Boer 1 Zoom Media Gallery 2026-04-16 N/A
SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
CVE-2005-3763 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
CVE-2005-1080 2 Redhat, Sun 5 Enterprise Linux, Network Satellite, Rhel Extras and 2 more 2026-04-16 N/A
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames in a .jar file.
CVE-2005-1083 1 Aewebworks 1 Aedating 2026-04-16 N/A
index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter.
CVE-2005-1084 1 Aewebworks 1 Aedating 2026-04-16 N/A
SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter.
CVE-2005-3764 1 Exponent 1 Exponent 2026-04-16 N/A
The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.
CVE-2005-1090 1 Maxthon 1 Maxthon 2026-04-16 N/A
Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files.
CVE-2005-1091 1 Maxthon 1 Maxthon 2026-04-16 N/A
Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.
CVE-2005-3765 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.
CVE-2005-1092 1 Light Speed Technology 1 Deluxeftp 2026-04-16 N/A
Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.
CVE-2005-3766 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.
CVE-2005-1093 1 Popup Plus Plugin 1 Popup Plus Plugin For Miranda Im 2026-04-16 N/A
Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.