Export limit exceeded: 349929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349929 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349929 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | ||||
| CVE-2005-3419 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | ||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | ||||
| CVE-2005-3421 | 1 Hyper Estraier | 1 Hyper Estraier | 2026-04-16 | N/A |
| estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters. | ||||
| CVE-2005-3422 | 1 10-4 Aps | 1 Asp Fast Forum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2005-3423 | 1 Subdreamer | 1 Subdreamer | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php. | ||||
| CVE-2005-3424 | 1 Gnu | 1 Gnump3d | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | ||||
| CVE-2005-3425 | 1 Gnu | 1 Gnump3d | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424. | ||||
| CVE-2005-3426 | 1 Cisco | 1 Content Services Switch 11500 | 2026-04-16 | N/A |
| Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation. | ||||
| CVE-2005-3428 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. | ||||
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | ||||
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | ||||
| CVE-2005-3432 | 1 Thomas Rybak | 1 Minigal 2 | 2026-04-16 | N/A |
| MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all. | ||||
| CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | ||||
| CVE-2005-3434 | 1 Archilles | 1 Newsworld | 2026-04-16 | N/A |
| Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges. | ||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2026-04-16 | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | ||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | ||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | ||||
| CVE-2005-3002 | 1 Xclusive-software | 1 Mccs | 2026-04-16 | N/A |
| Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet. | ||||
| CVE-2005-3001 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | ||||