Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1458 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.
CVE-2005-1467 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.
CVE-2006-2242 1 Acftp 1 Acftp 2026-04-16 N/A
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
CVE-2006-2248 1 Northern Solutions 1 Xeneo Web Server 2026-04-16 N/A
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.
CVE-2005-1472 1 Apple 1 Mac Os X 2026-04-16 N/A
Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories.
CVE-2005-1473 1 Apple 1 Mac Os X 2026-04-16 N/A
SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field.
CVE-2005-1474 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933.
CVE-2005-1484 1 Kmint21 Software 1 Golden Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
CVE-2006-2249 1 Cutephp 1 Cutenews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
CVE-2005-1482 1 Interspire 1 Articlelive 2026-04-16 N/A
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
CVE-2005-1483 1 Interspire 1 Articlelive 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
CVE-2005-1509 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2006-2251 1 Invision Power Services 1 Invision Community Blog 2026-04-16 N/A
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
CVE-2005-1490 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
CVE-2005-1492 1 Gossamer Threads 2 Gossamer Threads Links, Gossamer Threads Links-sql 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2006-2252 1 Openfaq 1 Openfaq 2026-04-16 N/A
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-1496 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.
CVE-2005-1499 1 Mywebland 1 Mybloggie 2026-04-16 N/A
delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.
CVE-2005-1497 1 Mywebland 1 Mybloggie 2026-04-16 N/A
index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.
CVE-2005-1847 1 Yamt 1 Yamt 2026-04-16 N/A
Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.