Export limit exceeded: 346845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2117 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Explorer and 1 more | 2026-04-16 | N/A |
| Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. | ||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | ||||
| CVE-2005-2120 | 1 Microsoft | 2 Windows 2000, Windows Xp | 2026-04-16 | N/A |
| Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. | ||||
| CVE-2005-2123 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord. | ||||
| CVE-2005-2126 | 1 Microsoft | 4 Ie, Windows 2000, Windows 2003 Server and 1 more | 2026-04-16 | N/A |
| The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames. | ||||
| CVE-2005-2132 | 1 Sco | 1 Unixware | 2026-04-16 | N/A |
| RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests. | ||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | ||||
| CVE-2005-2135 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2026-04-16 | N/A |
| SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters. | ||||
| CVE-2005-2128 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | ||||
| CVE-2005-2138 | 1 Comdev | 1 Comdev Ecommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message. | ||||
| CVE-2005-2142 | 1 Kmint21 Software | 1 Golden Ftp Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command. | ||||
| CVE-2005-2140 | 1 Fsboard | 1 Fsboard | 2026-04-16 | N/A |
| Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. | ||||
| CVE-2005-2141 | 1 Jollybox.de | 1 Tcp Chat | 2026-04-16 | N/A |
| TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. | ||||
| CVE-2005-2143 | 1 Microsoft | 1 Frontpage | 2026-04-16 | N/A |
| Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | ||||
| CVE-2005-2144 | 1 Prevx | 1 Prevx Pro 2005 | 2026-04-16 | N/A |
| Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | ||||
| CVE-2005-2145 | 1 Prevx | 1 Prevx Pro 2005 | 2026-04-16 | N/A |
| The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | ||||
| CVE-2005-2146 | 1 Ssh | 1 Tectia Server | 2026-04-16 | N/A |
| SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. | ||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2026-04-16 | N/A |
| NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product. | ||||
| CVE-2005-2151 | 1 Double Precision Incorporated | 1 Courier Mail Server | 2026-04-16 | N/A |
| spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. | ||||
| CVE-2005-2152 | 1 Geeklog | 1 Geeklog | 2026-04-16 | N/A |
| SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article. | ||||