Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0845 1 Netwin 1 Surgemail 2026-04-16 N/A
Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
CVE-2006-4437 1 Venture Nine 1 Tagger Le 2026-04-16 N/A
Eval injection vulnerability in Tagger LE allows remote attackers to execute arbitrary PHP code via the query string in (1) tags.php, (2) sign.php, and (3) admin/index.php.
CVE-2005-2032 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
CVE-2005-2029 1 Amarok 1 Web Frontend 2026-04-16 N/A
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
CVE-2005-2034 1 Blue-collar Productions 1 I-gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
CVE-2005-2039 1 Nanoblogger 1 Nanoblogger 2026-04-16 N/A
Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.
CVE-2005-2061 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte.
CVE-2005-2058 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php.
CVE-2005-2060 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter.
CVE-2005-2063 1 Active Web Softwares 1 Activebuyandsell 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp.
CVE-2005-2066 1 Asp-nuke 1 Asp-nuke 2026-04-16 N/A
SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter.
CVE-2005-2068 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.
CVE-2005-2078 1 Sofotex 1 Bisonftp 2026-04-16 N/A
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
CVE-2005-2080 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server.
CVE-2005-2081 1 Digium 1 Asterisk 2026-04-16 N/A
Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character.
CVE-2005-2082 1 Cgi-club 1 Imtrset 2026-04-16 N/A
im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter.
CVE-2005-2098 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.
CVE-2005-2100 1 Redhat 2 Enterprise Linux, Enterprise Linux Desktop 2026-04-16 N/A
The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).
CVE-2005-2101 1 Kde 1 Kde 2026-04-16 N/A
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
CVE-2005-2104 1 Redhat 2 Enterprise Linux, Sysreport 2026-04-16 N/A
sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.