Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2179 | 1 Jaws | 1 Jaws | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. | ||||
| CVE-2005-2180 | 1 Gnu | 1 Gnats | 2026-04-16 | N/A |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | ||||
| CVE-2005-2184 | 1 Emc | 1 Eroom | 2026-04-16 | N/A |
| eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file. | ||||
| CVE-2005-2185 | 1 Emc | 1 Eroom | 2026-04-16 | N/A |
| eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | ||||
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2026-04-16 | N/A |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | ||||
| CVE-2005-2189 | 1 Lantronix | 1 Securelinx | 2026-04-16 | N/A |
| Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. | ||||
| CVE-2005-2192 | 1 Alexander Palmo | 1 Simple Php Blog | 2026-04-16 | N/A |
| SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | ||||
| CVE-2005-2193 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | ||||
| CVE-2005-2194 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing. | ||||
| CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2026-04-16 | N/A |
| apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | ||||
| CVE-2005-2211 | 1 Sukria | 1 Backup Manager | 2026-04-16 | N/A |
| Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. | ||||
| CVE-2005-2212 | 1 Sukria | 1 Backup Manager | 2026-04-16 | N/A |
| Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. | ||||
| CVE-2005-2213 | 1 Mms Ripper | 1 Mms Ripper | 2026-04-16 | N/A |
| Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams. | ||||
| CVE-2005-2215 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. | ||||
| CVE-2005-2216 | 1 Photogal | 1 Photogal Photo Gallery | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | ||||
| CVE-2005-2217 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2026-04-16 | N/A |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | ||||
| CVE-2005-2218 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process. | ||||
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure. | ||||
| CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2026-04-16 | N/A |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | ||||
| CVE-2005-2225 | 1 Microsoft | 1 Msn Messenger Service | 2026-04-16 | N/A |
| Microsoft MSN Messenger allows remote attackers to cause a denial of service via a plaintext message containing the ".pif" string, which is interpreted as a malicious file extension and causes users to be kicked from a group conversation. NOTE: it has been reported that Gaim is also affected, so this may be an issue in the protocol or MSN servers. | ||||