Export limit exceeded: 29927 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29927 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0402 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page. | ||||
| CVE-2005-0403 | 1 Redhat | 2 Enterprise Linux, Enterprise Linux Desktop | 2026-04-16 | N/A |
| init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. | ||||
| CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2005-0409 | 1 Citrusdb | 1 Citrusdb | 2026-04-16 | N/A |
| CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities. | ||||
| CVE-2005-0410 | 1 Citrusdb | 1 Citrusdb | 2026-04-16 | N/A |
| SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file. | ||||
| CVE-2005-0407 | 1 Zakon Group | 1 Openconf | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title. | ||||
| CVE-2005-0412 | 1 Spidean | 1 Postwrap | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. | ||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2026-04-16 | N/A |
| Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | ||||
| CVE-2005-0417 | 1 Ibm | 1 Db2 Universal Database | 2026-04-16 | N/A |
| Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. | ||||
| CVE-2005-0418 | 1 Sun | 1 J2se | 2026-04-16 | N/A |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. NOTE: it is highly likely that this item will be MERGED with CVE-2005-0836. | ||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | ||||
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2026-04-16 | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | ||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2026-04-16 | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | ||||
| CVE-2005-0424 | 1 Aspjar | 1 Aspjar Guestbook | 2026-04-16 | N/A |
| Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. | ||||
| CVE-2005-0426 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | ||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2026-04-16 | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | ||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2026-04-16 | N/A |
| The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | ||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | ||||
| CVE-2005-0431 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | ||||
| CVE-2005-0432 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | ||||