Total
29741 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0619 | 1 Bfriendly.com | 1 Einstein | 2025-04-03 | N/A |
| Einstein 1.0.1 stores sensitive information such as usernames and passwords in plaintext in the registry, which allows local users to gain privileges. | ||||
| CVE-2005-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2025-04-03 | N/A |
| RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | ||||
| CVE-2005-0638 | 4 Altlinux, Redhat, Suse and 1 more | 4 Alt Linux, Enterprise Linux, Suse Linux and 1 more | 2025-04-03 | N/A |
| xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. | ||||
| CVE-2005-0650 | 1 Projectbb | 1 Projectbb | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. | ||||
| CVE-2005-0668 | 1 Christian Hilgers | 1 Http Anti Virus Proxy \(havp\) | 2025-04-03 | N/A |
| Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files. | ||||
| CVE-2005-0685 | 1 Outstart | 1 Participate Enterprise | 2025-04-03 | N/A |
| Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands. | ||||
| CVE-2005-0703 | 1 Xerox | 18 Workcentre 165, Workcentre 175, Workcentre 2128 and 15 more | 2025-04-03 | N/A |
| Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, has an "unauthenticated account," which allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-1179. | ||||
| CVE-2006-2139 | 1 Wilsonncareabusinesses | 1 Php Newsfeed | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to (a) deltables.php, (2) select, (3) header, (4) url, (5) source, or (6) time parameters to (b) manualsubmit.php, (7) num parameter to (c) delete.php, or (8) tablename parameter to (d) searchnews.php. | ||||
| CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2025-04-03 | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | ||||
| CVE-2006-2154 | 1 Emc | 1 Retrospect | 2025-04-03 | N/A |
| EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. | ||||
| CVE-2005-0755 | 2 Realnetworks, Redhat | 5 Helix Player, Realone Player, Realplayer and 2 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file. | ||||
| CVE-2005-0766 | 2 Ethereal Group, Redhat | 2 Ethereal, Enterprise Linux | 2025-04-03 | N/A |
| Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash). | ||||
| CVE-2005-0783 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. | ||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2025-04-03 | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | ||||
| CVE-2005-0843 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. | ||||
| CVE-2005-0860 | 1 The Rusted Gate | 1 Trg News | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php. | ||||
| CVE-2005-0909 | 1 Tkais Shoutbox | 1 Tkais Shoutbox | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter. | ||||
| CVE-2005-0915 | 1 Webmasters-debutants | 1 Wd Guestbook | 2025-04-03 | N/A |
| Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php. | ||||
| CVE-2005-0919 | 1 Adventia | 2 Adventia Chat, Adventia Server Pro | 2025-04-03 | N/A |
| Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. | ||||
| CVE-2006-2158 | 1 Stadtaus | 1 Guestbook Script | 2025-04-03 | N/A |
| Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter. | ||||