Export limit exceeded: 365294 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365294 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0928 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php. | ||||
| CVE-2005-0933 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. | ||||
| CVE-2005-0941 | 2 Openoffice, Redhat | 2 Openoffice, Enterprise Linux | 2026-04-16 | N/A |
| The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow. | ||||
| CVE-2005-0944 | 1 Microsoft | 1 Jet | 2026-04-16 | N/A |
| Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file. | ||||
| CVE-2005-0946 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page. | ||||
| CVE-2005-0950 | 1 Faststone | 1 4in1 Browser | 2026-04-16 | N/A |
| Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL. | ||||
| CVE-2005-0952 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2005-0953 | 2 Bzip, Redhat | 2 Bzip2, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete. | ||||
| CVE-2005-0954 | 1 Microsoft | 3 Internet Explorer, Windows Explorer, Windows Xp | 2026-04-16 | N/A |
| Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file. | ||||
| CVE-2005-0955 | 1 Interakt | 1 Mx Shop | 2026-04-16 | N/A |
| SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter. | ||||
| CVE-2005-0956 | 1 Interakt | 1 Mx Kart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | ||||
| CVE-1999-0482 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD kernel crash through TSS handling, as caused by the crashme program. | ||||
| CVE-1999-1483 | 1 Svgalib | 1 Svgalib | 2026-04-16 | N/A |
| Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable. | ||||
| CVE-2005-0958 | 1 Yepyep | 1 Mtftpd | 2026-04-16 | N/A |
| Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command. | ||||
| CVE-2005-3725 | 1 Zyxel | 1 Prestige 2000w V.1voip Wi-fi Phone | 2026-04-16 | N/A |
| Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE. | ||||
| CVE-2005-0959 | 1 Yepyep | 1 Mtftpd | 2026-04-16 | N/A |
| Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path. | ||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | ||||
| CVE-2005-0961 | 1 Horde | 1 Application Framework | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title. | ||||
| CVE-2005-0962 | 1 Lighthouse Development | 1 Squirrelcart | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action. | ||||
| CVE-2005-3736 | 1 Coastal Data Management | 1 E-quick Cart | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp. | ||||