Export limit exceeded: 363261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3341 1 Dhis Tools 1 Dns Package 2026-04-16 N/A
DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.
CVE-2006-2144 1 Dmcounter 1 Dmcounter 2026-04-16 N/A
PHP remote file inclusion vulnerability in kopf.php in DMCounter 0.9.2-b allows remote attackers to execute arbitrary PHP code via a URL in the rootdir parameter.
CVE-2006-2150 1 Phpbb Group 1 Phpbb Toplist 2026-04-16 N/A
PHP remote file inclusion vulnerability in top/list.php in phpBB TopList 1.3.8 and earlier allows remote attackers to include arbitrary files via the returnpath parameter.
CVE-2005-3128 1 Squirrelmail 1 Address Add Plugin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag.
CVE-2005-3154 1 Softwin 1 Bitdefender 2026-04-16 N/A
Format string vulnerability in the logging functionality in BitDefender AntiVirus 7.2 through 9 allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in file or directory name.
CVE-2006-2166 1 Cisco 2 Unity Express, Unity Express Software 2026-04-16 N/A
Unspecified vulnerability in the HTTP management interface in Cisco Unity Express (CUE) 2.2(2) and earlier, when running on any CUE Advanced Integration Module (AIM) or Network Module (NM), allows remote authenticated attackers to reset the password for any user with an expired password.
CVE-2005-3157 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
CVE-2005-3166 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.
CVE-2005-3189 1 Qualcomm 1 Worldmail Imap Server 2026-04-16 N/A
Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.
CVE-2006-2175 1 Ftrainsoft 1 Fast Click 2026-04-16 N/A
PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.
CVE-2005-1574 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
CVE-2005-3193 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2026-04-16 N/A
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated.
CVE-2005-3198 1 Webroot Software 1 Desktop Firewall 2026-04-16 N/A
Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands.
CVE-2005-3211 1 Softwin 1 Bitdefender Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of BitDefender Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3213 1 Frisk Software 1 F-prot Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3226 1 Arcavir 1 Arcavir Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of ArcaVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3235 1 Proland 1 Protector Plus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Proland Protector Plus 2000 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3236 1 Cynox 1 Cyphor 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
CVE-2006-2194 1 Point-to-point Protocol Project 1 Point-to-point Protocol 2026-04-16 N/A
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user processes, which prevents the winbind NTLM authentication helper from dropping privileges.
CVE-2005-3262 1 Rarlab 1 Winrar 2026-04-16 N/A
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.