Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2312 1 Realnode 1 Emilda 2026-04-16 N/A
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.
CVE-2005-2276 1 Novell 1 Groupwise Webaccess 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess 6.5 before July 11, 2005 allows remote attackers to inject arbitrary web script or HTML via an e-mail message with an encoded javascript URI (e.g. "j&#X41vascript" in an IMG tag.
CVE-2005-2285 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emergency information, medical information, and system configuration.
CVE-2005-2290 1 Wps 1 Web Portal System 2026-04-16 N/A
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
CVE-2005-2288 1 Phpcounter 1 Phpcounter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter.
CVE-2005-2291 1 Oracle 1 Jdeveloper 2026-04-16 N/A
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
CVE-2005-2284 1 Esi Products 1 Webeoc 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
CVE-2005-2286 1 Esi Products 1 Webeoc 2026-04-16 N/A
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
CVE-2005-2289 1 Phpcounter 1 Phpcounter 2026-04-16 N/A
PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message.
CVE-2005-2916 1 Linksys 1 Wrt54g 2026-04-16 N/A
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi.
CVE-2005-2925 1 Sgi 1 Irix 2026-04-16 N/A
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
CVE-2005-2920 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
CVE-2005-2926 1 Sco 1 Openserver 2026-04-16 N/A
Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.
CVE-2005-2947 1 Killprocess 1 Killprocess 2026-04-16 N/A
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource.
CVE-2005-2948 1 Killprocess 1 Killprocess 2026-04-16 N/A
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
CVE-2005-2945 1 Arc 1 Arc 2026-04-16 N/A
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
CVE-2005-2944 1 Brent Ely 1 Gnome Workstation Command Center 2026-04-16 N/A
The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file.
CVE-2005-2955 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others.
CVE-2005-2957 1 Avira 1 Desktop 2026-04-16 N/A
Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive.
CVE-2005-2954 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.