Export limit exceeded: 349823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349823 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3921 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers. | ||||
| CVE-2005-3968 | 1 Phpx | 1 Phpx | 2026-04-16 | N/A |
| SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. | ||||
| CVE-2000-1113 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability. | ||||
| CVE-2004-1362 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2026-04-16 | N/A |
| The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters. | ||||
| CVE-2005-3044 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems. | ||||
| CVE-2005-3873 | 1 Sourceshock | 1 Shockboard | 2026-04-16 | N/A |
| SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | ||||
| CVE-2005-3922 | 1 Panda | 19 Panda Activescan, Panda Antivirus, Panda Antivirus Platinum and 16 more | 2026-04-16 | N/A |
| Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus library allows remote attackers to execute arbitrary code via a crafted ZOO archive. | ||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2026-04-16 | N/A |
| SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2000-1114 | 1 Unify | 1 Ewave Servletexec | 2026-04-16 | N/A |
| Unify ServletExec AS v3.0C allows remote attackers to read source code for JSP pages via an HTTP request that ends with characters such as ".", or "+", or "%20". | ||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | ||||
| CVE-2005-3780 | 1 Ipupdate | 1 Ipupdate | 2026-04-16 | N/A |
| Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records. | ||||
| CVE-2000-1115 | 1 Software602 | 1 602pro Lan Suite | 2026-04-16 | N/A |
| Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request. | ||||
| CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | ||||
| CVE-2005-3874 | 1 Weaverslave | 1 Netzbrett | 2026-04-16 | N/A |
| SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php. | ||||
| CVE-2000-1133 | 1 Flicks Software | 1 Authentix | 2026-04-16 | N/A |
| Authentix Authentix100 allows remote attackers to bypass authentication by inserting a . (dot) into the URL for a protected directory. | ||||
| CVE-2004-1379 | 1 Xine | 2 Xine, Xine-lib | 2026-04-16 | N/A |
| Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. | ||||
| CVE-2005-3052 | 1 Jportal | 1 Jportal Web Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php. | ||||
| CVE-2005-3782 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username. | ||||
| CVE-2005-3875 | 1 Enterprise Heart | 1 Enterprise Connector | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php. | ||||
| CVE-2005-3923 | 1 Netobjects | 1 Netobjects Fusion | 2026-04-16 | N/A |
| NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. | ||||