Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2112 1 Xoops 1 Xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
CVE-2005-2113 1 Xoops 1 Xoops 2026-04-16 N/A
SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
CVE-2005-2117 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Explorer and 1 more 2026-04-16 N/A
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
CVE-1999-0846 1 Deerfield 1 Mdaemon 2026-04-16 N/A
Denial of service in MDaemon 2.7 via a large number of connection attempts.
CVE-1999-1267 1 Kde 1 Kde 2026-04-16 N/A
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.
CVE-2005-2120 1 Microsoft 2 Windows 2000, Windows Xp 2026-04-16 N/A
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
CVE-2005-2123 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Multiple integer overflows in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allow remote attackers to execute arbitrary code via crafted Windows Metafile (WMF) and Enhanced Metafile (EMF) format images that lead to heap-based buffer overflows, as demonstrated using MRBP16::bCheckRecord.
CVE-2005-2132 1 Sco 1 Unixware 2026-04-16 N/A
RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.
CVE-2005-2136 1 Raritan 10 Dominion Sx16, Dominion Sx16 Firmware, Dominion Sx32 and 7 more 2026-04-16 N/A
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users.
CVE-2005-2158 1 Jboss 1 Jbpm 2026-04-16 N/A
A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.
CVE-2005-2162 1 Levcgi.com 1 Myguestbook 2026-04-16 N/A
PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter.
CVE-2005-2163 1 Autoindex 1 Php Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2005-2173 1 Mozilla 1 Bugzilla 2026-04-16 N/A
The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi.
CVE-2005-2189 1 Lantronix 1 Securelinx 2026-04-16 N/A
Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys.
CVE-2005-2196 1 Apple 1 Airport Card 2026-04-16 N/A
The Apple AirPort card uses a default WEP key when not connected to a known or trusted network, which can cause it to automatically connect to a malicious network.
CVE-2005-2197 1 Id Board 1 Id Board 2026-04-16 N/A
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
CVE-2005-2210 1 Tonec Inc. 1 Internet Download Manager 2026-04-16 N/A
Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL.
CVE-1999-0852 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
IBM WebSphere sets permissions that allow a local user to modify a deinstallation script or its data files stored in /usr/bin.
CVE-2005-2215 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
CVE-2005-2241 1 Cisco 1 Call Manager 2026-04-16 N/A
Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource leak" that allows remote attackers to cause a denial of service (memory and connection consumption) in RisDC.exe.