Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1824 1 Gnu 1 Mailutils 2026-04-16 N/A
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.
CVE-2004-2279 1 Invision Power Services 1 Invision Power Board 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
CVE-2004-2284 1 Open Webmail 1 Open Webmail 2026-04-16 N/A
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
CVE-2005-3222 1 Vba32 1 Vba32 Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of VBA32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3217 1 Symantec 1 Antivirus Scan Engine 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Symantec Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3216 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Sophos Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3208 1 Aenovo 3 Aenovo, Aenovoshop, Aenovowysi 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
CVE-2005-1760 1 Redhat 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2026-04-16 N/A
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.
CVE-2004-2259 2 Beasts, Redhat 2 Vsftpd, Enterprise Linux 2026-04-16 N/A
vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.
CVE-2005-3186 3 Gnome, Gtk, Redhat 3 Gdkpixbuf, Gtk\+, Enterprise Linux 2026-04-16 N/A
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-1999-0815 1 Microsoft 1 Windows Nt 2026-04-16 N/A
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
CVE-2005-2056 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
CVE-2005-2067 1 Asp-nuke 1 Asp-nuke 2026-04-16 N/A
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter.
CVE-2005-2075 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
CVE-2005-2077 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in error.asp for Hosting Controller allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2005-2092 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-2093 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
CVE-2005-2097 3 Kde, Redhat, Xpdf 3 Kpdf, Enterprise Linux, Xpdf 2026-04-16 N/A
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
CVE-2005-2103 2 Gaim Project, Redhat 2 Gaim, Enterprise Linux 2026-04-16 9.8 Critical
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVE-2005-2111 1 Community Link Pro Web Editor 1 Community Link Pro Web Editor 2026-04-16 N/A
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.