Search Results (29867 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2949 | 1 Mark D. Roth | 1 Pam Per User | 2025-04-03 | N/A |
| pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login. | ||||
| CVE-2005-2950 | 1 Sawmill | 1 Sawmill | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. | ||||
| CVE-2005-2951 | 1 Azerbaijan Development Group | 1 Azdgdating | 2025-04-03 | N/A |
| Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement. | ||||
| CVE-2005-2952 | 1 Subscribe Me Pro | 1 Subscribe Me Pro | 2025-04-03 | N/A |
| Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | ||||
| CVE-2005-2954 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | N/A |
| SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field. | ||||
| CVE-2005-2956 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2025-04-03 | N/A |
| ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files. | ||||
| CVE-2005-2957 | 1 Avira | 1 Desktop | 2025-04-03 | N/A |
| Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. | ||||
| CVE-2005-2958 | 1 Gnome | 1 Libgda2 | 2025-04-03 | N/A |
| Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code. | ||||
| CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2025-04-03 | N/A |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | ||||
| CVE-2005-3005 | 1 Helpdesk Software | 1 Hesk | 2025-04-03 | N/A |
| Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie. | ||||
| CVE-2005-2961 | 1 Prozilla | 1 Prozilla Download Accelerator | 2025-04-03 | N/A |
| Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | ||||
| CVE-2005-2962 | 1 Ntlmaps | 1 Ntlmaps | 2025-04-03 | N/A |
| The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password. | ||||
| CVE-2005-2964 | 1 Abisource | 1 Community Abiword | 2025-04-03 | N/A |
| Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | ||||
| CVE-2005-2966 | 1 Dia | 1 Dia | 2025-04-03 | N/A |
| The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. | ||||
| CVE-2005-2968 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allow attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | ||||
| CVE-2005-2977 | 2 Pam, Redhat | 2 Pam, Enterprise Linux | 2025-04-03 | N/A |
| The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. | ||||
| CVE-2005-2971 | 1 Kde | 1 Koffice | 2025-04-03 | N/A |
| Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file. | ||||
| CVE-2005-2974 | 2 Libungif, Redhat | 2 Libungif, Enterprise Linux | 2025-04-03 | N/A |
| libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference. | ||||
| CVE-2005-2973 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash). | ||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | ||||