Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1975 | 1 Annuaire | 1 1two | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php. | ||||
| CVE-2005-1988 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability". | ||||
| CVE-2005-1989 | 1 Microsoft | 2 Ie, Internet Explorer | 2025-04-03 | N/A |
| Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability". | ||||
| CVE-2005-1993 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-03 | N/A |
| Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. | ||||
| CVE-2005-1994 | 1 Finjan Software | 1 Surfingate | 2025-04-03 | N/A |
| Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download blocked files via hex-encoded characters in a filename, as demonstrated using "%2e". | ||||
| CVE-2005-2020 | 1 3com | 1 3c15100d | 2025-04-03 | N/A |
| Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | ||||
| CVE-2005-2023 | 1 Suse | 1 Suse Linux | 2025-04-03 | N/A |
| The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail. | ||||
| CVE-2005-2026 | 1 Enterasys | 1 Vertical Horizon-2402s | 2025-04-03 | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges. | ||||
| CVE-2005-2039 | 1 Nanoblogger | 1 Nanoblogger | 2025-04-03 | N/A |
| Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands. | ||||
| CVE-2005-2041 | 1 Hauri | 1 Virobot Linux Server | 2025-04-03 | N/A |
| Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE). | ||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | ||||
| CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2025-04-03 | N/A |
| Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | ||||
| CVE-2005-2109 | 1 Wordpress | 1 Wordpress | 2025-04-03 | N/A |
| wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | ||||
| CVE-2005-2111 | 1 Community Link Pro Web Editor | 1 Community Link Pro Web Editor | 2025-04-03 | N/A |
| login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | ||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | ||||
| CVE-2005-2113 | 1 Xoops | 1 Xoops | 2025-04-03 | N/A |
| SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | ||||
| CVE-2005-2115 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2025-04-03 | N/A |
| Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | ||||
| CVE-2005-2165 | 1 Globalnotescript | 1 Globalnotescript | 2025-04-03 | N/A |
| read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. | ||||
| CVE-2005-2166 | 1 Frozenplague.net | 1 Plague News System | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||