Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2604 1 My Image Gallery 1 My Image Gallery 2026-04-16 N/A
index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.
CVE-2005-2605 1 Omnipilot Software 1 Lasso Professional Server 2026-04-16 N/A
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.
CVE-2005-2606 1 Phlymail 1 Phlymail 2026-04-16 N/A
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.
CVE-2005-2607 1 Phpsimplicity 1 Simplicity Of Upload 2026-04-16 N/A
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.
CVE-2005-2608 1 Safehtml 1 Safehtml 2026-04-16 N/A
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML.
CVE-2005-2609 1 Vegadns 1 Vegadns 2026-04-16 N/A
index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter.
CVE-2005-2617 1 Linux 1 Linux Kernel 2026-04-16 N/A
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
CVE-2005-2626 1 Kismet 1 Kismet 2026-04-16 N/A
Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.
CVE-2005-2631 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-16 N/A
Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.
CVE-2005-2632 1 Mediabox404 1 Mediabox404 2026-04-16 N/A
SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field.
CVE-2005-2633 1 Phptb 1 Topic Boards 2026-04-16 N/A
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.
CVE-2005-2634 1 Winftp Server 1 Winftp Server 2026-04-16 N/A
Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request.
CVE-2006-2496 1 Novell 2 Edirectory, Imonitor 2026-04-16 N/A
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors.
CVE-2005-2637 1 Phpfreenews 1 Phpfreenews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.
CVE-2005-2638 1 Phpfreenews 1 Phpfreenews 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.
CVE-2005-2641 2 Padl Software, Redhat 2 Pam Ldap, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.
CVE-2005-2642 1 Mutt 1 Mutt 2026-04-16 N/A
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
CVE-2004-0757 2 Mozilla, Redhat 4 Firefox, Mozilla, Thunderbird and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
CVE-2005-2648 1 W-agora 1 W-agora 2026-04-16 N/A
Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.
CVE-2006-2444 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The snmp_trap_decode function in the SNMP NAT helper for Linux kernel before 2.6.16.18 allows remote attackers to cause a denial of service (crash) via unspecified remote attack vectors that cause failures in snmp_trap_decode that trigger (1) frees of random memory or (2) frees of previously-freed memory (double-free) by snmp_trap_decode as well as its calling function, as demonstrated via certain test cases of the PROTOS SNMP test suite.