Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2809 1 Silc 1 Secure Internet Live Conferencing 2026-04-16 N/A
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
CVE-2005-2815 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
CVE-2005-2830 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
CVE-2005-2831 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2127.
CVE-2005-2851 1 Smb4k 1 Smb4k 2026-04-16 N/A
smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
CVE-2005-2855 1 Unclassified Newsboard 1 Unclassified Newsboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field.
CVE-2005-2869 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php.
CVE-2005-2874 2 Easy Software Products, Redhat 2 Cups, Enterprise Linux 2026-04-16 N/A
The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.
CVE-2005-2876 2 Andries Brouwer, Redhat 2 Util-linux, Enterprise Linux 2026-04-16 N/A
umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags.
CVE-2005-2886 1 Maxdev 1 Md-pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php.
CVE-2005-2887 1 Maxdev 1 Md-pro 2026-04-16 N/A
MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message.
CVE-2005-2888 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php.
CVE-1999-1197 1 Sun 1 Sunos 2026-04-16 N/A
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
CVE-2005-2889 1 Checkpoint 1 Connectra Ngx 2026-04-16 N/A
Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions.
CVE-2005-2893 1 Pblang 1 Pblang 2026-04-16 N/A
Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login.
CVE-2005-2894 1 Pblang 1 Pblang 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field.
CVE-2005-2897 1 Stylemotion 1 Web News 2026-04-16 N/A
WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.
CVE-2005-2902 1 Class-1 1 Class-1 Forum 2026-04-16 N/A
SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file.
CVE-2005-2922 2 Realnetworks, Redhat 6 Helix Player, Realone Player, Realplayer and 3 more 2026-04-16 N/A
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.
CVE-2005-2930 1 Jed Wing 1 Chm Lib 2026-04-16 N/A
Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.