Export limit exceeded: 348953 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | ||||
| CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2026-04-16 | N/A |
| Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | ||||
| CVE-2005-4002 | 1 Esi Products | 1 Webeoc | 2026-04-16 | N/A |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | ||||
| CVE-2005-3993 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | ||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | ||||
| CVE-2005-0250 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument. | ||||
| CVE-2005-3995 | 1 Sobexsrv | 1 Sobexsrv | 2026-04-16 | N/A |
| Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands. | ||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2026-04-16 | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | ||||
| CVE-2005-0255 | 2 Mozilla, Redhat | 4 Firefox, Mozilla, Thunderbird and 1 more | 2026-04-16 | N/A |
| String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption. | ||||
| CVE-2005-0262 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument. | ||||
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | ||||
| CVE-2005-0267 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | ||||
| CVE-2005-4010 | 1 Sensation Designs | 1 Kbase Express | 2026-04-16 | N/A |
| SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php. | ||||
| CVE-2005-0280 | 1 Jowood Productions | 1 Soldner Secret Wars | 2026-04-16 | N/A |
| Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message. | ||||
| CVE-2005-0275 | 1 3com | 1 3cdaemon | 2026-04-16 | N/A |
| TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | ||||
| CVE-2005-0283 | 1 David Barrett | 1 Qwikiwiki | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter. | ||||
| CVE-2005-0285 | 1 Bottomline | 1 Webseries Payment Application | 2026-04-16 | N/A |
| Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | ||||
| CVE-2005-0286 | 1 Emotion | 1 Mediapartner Web Server | 2026-04-16 | N/A |
| eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file. | ||||
| CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2026-04-16 | N/A |
| Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | ||||