Export limit exceeded: 346743 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346743 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2026-04-16 | N/A |
| GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | ||||
| CVE-2005-1933 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474. | ||||
| CVE-2005-4488 | 1 Computeroil | 1 Redakto Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters. | ||||
| CVE-2005-1942 | 1 Cisco | 1 Catalyst | 2026-04-16 | N/A |
| Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages. | ||||
| CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2026-04-16 | N/A |
| xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. | ||||
| CVE-2005-1939 | 1 Ipswitch | 1 Whatsup Small Business | 2026-04-16 | N/A |
| Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). | ||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | ||||
| CVE-2005-1948 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. | ||||
| CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2026-04-16 | N/A |
| hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | ||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | ||||
| CVE-2005-1952 | 1 Pico Server | 1 Pico Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count. | ||||
| CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2026-04-16 | N/A |
| Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. | ||||
| CVE-2005-2078 | 1 Sofotex | 1 Bisonftp | 2026-04-16 | N/A |
| BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument. | ||||
| CVE-2005-1949 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. | ||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | ||||
| CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2026-04-16 | N/A |
| File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. | ||||
| CVE-2005-1959 | 1 Jammail | 1 Jammail | 2026-04-16 | N/A |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. | ||||
| CVE-2005-1960 | 1 C.j. Steele | 1 Tattle | 2026-04-16 | N/A |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. | ||||
| CVE-2005-1961 | 1 Objectweb | 1 Consortium C-jdbc | 2026-04-16 | N/A |
| Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 allows local users to bypass intended access restrictions and obtain the cache results from another user. | ||||
| CVE-2005-1962 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php. | ||||