Search Results (363132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0866 1 Cdrtools 1 Cdrecord 2026-04-16 N/A
cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-0869 1 Phpsysinfo 1 Phpsysinfo 2026-04-16 N/A
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.
CVE-2005-0873 1 Oracle 1 10g Reports Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
CVE-2005-0779 1 Platinumftp 1 Platinumftpserver 2026-04-16 N/A
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username.
CVE-2005-0881 1 Interspire 1 Articlelive 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter.
CVE-2005-0904 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
CVE-2005-0910 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
CVE-2005-0915 1 Webmasters-debutants 1 Wd Guestbook 2026-04-16 N/A
Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.
CVE-2005-0917 1 Powerdev 1 Encapsbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter.
CVE-2005-0922 1 Symantec 3 Norton Antivirus, Norton Internet Security, Norton System Works 2026-04-16 N/A
Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
CVE-2005-0924 1 Adventia 1 E-data 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
CVE-2005-0935 1 Esmi 1 Paypal Storefront 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
CVE-2005-0947 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter.
CVE-2005-0952 1 Php Arena 1 Pafiledb 2026-04-16 N/A
Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0824 1 Mathopd 1 Mathopd 2026-04-16 5.5 Medium
The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.
CVE-2005-0838 1 Icecast 1 Icecast 2026-04-16 N/A
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.
CVE-2005-0967 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
CVE-2005-0981 1 Alstrasoft 1 Epay 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
CVE-2005-0995 1 Early Impact 1 Productcart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp. NOTE: it has been reported that storelocator_submit.asp does not exist in ProductCart.
CVE-2005-0998 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.