Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1997 1 Mcgallery 1 Mcgallery 2026-04-16 N/A
show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter.
CVE-2005-1992 2 Redhat, Yukihiro Matsumoto 2 Enterprise Linux, Ruby 2026-04-16 N/A
The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands.
CVE-2005-1982 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Xp 2026-04-16 N/A
Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
CVE-1999-0779 1 Hp 1 Hp-ux 2026-04-16 N/A
Denial of service in HP-UX SharedX recserv program.
CVE-2005-1974 1 Sun 1 J2se 2026-04-16 N/A
Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges.
CVE-2005-1970 1 Symantec 1 Pcanywhere 2026-04-16 N/A
Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.
CVE-2005-1962 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.
CVE-2005-1957 1 Adam Mmedici 1 File Upload Manager 2026-04-16 N/A
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action.
CVE-2005-1954 1 Singapore 1 Singapore 2026-04-16 N/A
singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message.
CVE-2005-1205 1 Microsoft 1 Windows 2003 Server 2026-04-16 N/A
The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
CVE-2005-1935 1 Microsoft 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the BERDecBitString function in Microsoft ASN.1 library (MSASN1.DLL) allows remote attackers to execute arbitrary code via nested constructed bit strings, which leads to a realloc of a non-null pointer and causes the function to overwrite previously freed memory, as demonstrated using a SPNEGO token with a constructed bit string during HTTP authentication, and a different vulnerability than CVE-2003-0818. NOTE: the researcher has claimed that MS:MS04-007 fixes this issue.
CVE-2005-1933 1 Apple 1 Mac Os X 2026-04-16 N/A
Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute arbitrary commands by overriding the behavior of system widgets via a user widget with the same bundle identifier (CFBundleIdentifier), a different vulnerability than CVE-2005-1474.
CVE-2004-2114 1 Internetnow 1 Proxynow 2026-04-16 N/A
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.
CVE-2005-1928 1 Trend Micro 1 Serverprotect Earthagent 2026-04-16 N/A
Trend Micro ServerProtect EarthAgent for Windows Management Console 5.58 and possibly earlier versions, when running with Trend Micro Control Manager 2.5 and 3.0, and Damage Cleanup Server 1.1, allows remote attackers to cause a denial of service (CPU consumption) via a flood of crafted packets with a certain "magic value" to port 5005, which also leads to a memory leak.
CVE-2005-1922 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
CVE-2005-1921 6 Debian, Drupal, Gggeek and 3 more 6 Debian Linux, Drupal, Phpxmlrpc and 3 more 2026-04-16 N/A
Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka XML-RPC or xmlrpc) and PHPXMLRPC (aka XML-RPC For PHP or php-xmlrpc) 1.1 and earlier, as used in products such as (1) WordPress, (2) Serendipity, (3) Drupal, (4) egroupware, (5) MailWatch, (6) TikiWiki, (7) phpWebSite, (8) Ampache, and others, allows remote attackers to execute arbitrary PHP code via an XML file, which is not properly sanitized before being used in an eval statement.
CVE-1999-1248 1 Hp 1 Hp-ux 2026-04-16 N/A
Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.
CVE-1999-0772 1 Compaq 2 Insight Management Agent, Power Management 2026-04-16 N/A
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.
CVE-2005-4831 1 Viewcvs 1 Viewcvs 2026-04-16 N/A
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
CVE-2005-0131 1 Berlios 1 Konversation 2026-04-16 N/A
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.