Export limit exceeded: 348774 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348774 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2423 | 1 Beehive Forum | 1 Beehive Forum | 2026-04-16 | N/A |
| Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message. | ||||
| CVE-2005-2436 | 1 Website Baker | 1 Website Baker | 2026-04-16 | N/A |
| browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message. | ||||
| CVE-2005-2445 | 1 Early Impact | 1 Product Cart | 2026-04-16 | N/A |
| SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. | ||||
| CVE-2005-2478 | 1 Silver-scripts | 1 Silvernews | 2026-04-16 | N/A |
| SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. | ||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2026-04-16 | N/A |
| The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | ||||
| CVE-2005-2487 | 1 Mcdata | 4 Intrepid 6064 Director Switch, Intrepid 6140 Director Switch, Sphereon 4300 Fabric Switch and 1 more | 2026-04-16 | N/A |
| Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm. | ||||
| CVE-1999-0812 | 1 Samba | 1 Samba | 2026-04-16 | N/A |
| Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations. | ||||
| CVE-2005-2495 | 2 Redhat, Xfree86 Project | 2 Enterprise Linux, Xfree86 | 2026-04-16 | N/A |
| Multiple integer overflows in XFree86 before 4.3.0 allow user-assisted attackers to execute arbitrary code via a crafted pixmap image. | ||||
| CVE-2005-2496 | 2 Dave Mills, Redhat | 2 Ntpd, Enterprise Linux | 2026-04-16 | N/A |
| The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. | ||||
| CVE-2005-2498 | 3 Debian, Gggeek, Redhat | 3 Debian Linux, Phpxmlrpc, Enterprise Linux | 2026-04-16 | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | ||||
| CVE-2005-1739 | 3 Graphicsmagick, Imagemagick, Redhat | 3 Graphicsmagick, Imagemagick, Enterprise Linux | 2026-04-16 | N/A |
| The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick before 1.1.6-r1, allows remote attackers to cause a denial of service (infinite loop) via an image with a zero color mask. | ||||
| CVE-2005-1737 | 1 Electricmonk | 1 Proms | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in PROMS 0.11 allow "non-authorized users" to (1) view or modify the project member list or (2) modify the todos list. | ||||
| CVE-2005-1726 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions." | ||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | ||||
| CVE-2005-1222 | 1 Netref | 1 Netref | 2026-04-16 | N/A |
| cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | ||||
| CVE-1999-0747 | 1 Bsdi | 1 Bsd Os | 2026-04-16 | N/A |
| Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load. | ||||
| CVE-1999-0754 | 1 Isc | 1 Inn | 2026-04-16 | N/A |
| The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable. | ||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2026-04-16 | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | ||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2026-04-16 | N/A |
| Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable. | ||||
| CVE-2005-1246 | 1 Vladislav Bogdanov | 1 Snmppd | 2026-04-16 | N/A |
| Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call. | ||||