Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3335 1 Mantis 1 Mantis 2026-04-16 N/A
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
CVE-2005-3345 1 Rssh 1 Rssh 2026-04-16 N/A
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.
CVE-2005-3340 1 New Breed Software 1 Tux Paint 2026-04-16 N/A
The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
CVE-2005-3339 1 Mantis 1 Mantis 2026-04-16 N/A
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVE-2005-3342 1 Norman Ramsey 1 Noweb 2026-04-16 N/A
noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.
CVE-2005-3343 1 Tkdiff 1 Tkdiff 2026-04-16 N/A
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-3344 1 Horde 1 Horde 2026-04-16 N/A
The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access.
CVE-2006-2654 1 Freebsd 1 Freebsd 2026-04-16 N/A
Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to 6.1 allows local users to escape chroot restrictions for an SMB-mounted filesystem via "..\\" sequences. NOTE: this is similar to CVE-2006-1864, but this is a different implementation of smbfs, so it has a different CVE identifier.
CVE-2006-2659 1 Double Precision Incorporated 1 Courier Mta 2026-04-16 N/A
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding.
CVE-2005-3367 1 Sparkleblog 1 Sparkleblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
CVE-2005-3368 1 Search Enhanced 1 Search Enhanced 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-3369 1 Woltlab 1 Burning Board 2026-04-16 N/A
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
CVE-2005-3374 1 Frisk Software 1 F-prot Antivirus 2026-04-16 N/A
Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2005-3375 1 Ikarus 1 Ikarus Antivirus 2026-04-16 N/A
Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2005-3384 1 Techno Dreams 1 Techno Dreams Guest Book 2026-04-16 N/A
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
CVE-2005-3380 1 Panda 1 Titanium 2005 2026-04-16 N/A
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2005-3382 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
CVE-2005-3383 1 Techno Dreams 1 Announcement Script 2026-04-16 N/A
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
CVE-2005-3404 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.
CVE-2005-3405 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.