Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-0352 1 Fluffington 1 Flog 2026-04-16 N/A
The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via a direct request. NOTE: It was later reported that 1.1.2 is also affected.
CVE-2005-1237 1 China-on-site 1 Flexphpnews 2026-04-16 N/A
SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.
CVE-2005-1244 1 Netiq 1 Pssecure 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.
CVE-2005-1245 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2006-0353 1 Gnu 1 Lsh 2026-04-16 N/A
unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.
CVE-2005-1248 1 Apple 1 Itunes 2026-04-16 N/A
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file.
CVE-2005-1255 1 Ipswitch 3 Imail, Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
CVE-2005-1261 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
CVE-2005-1262 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.
CVE-2006-0354 1 Cisco 8 Aironet Ap1100, Aironet Ap1130ag, Aironet Ap1200 and 5 more 2026-04-16 N/A
Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by sending the management interface a large number of spoofed ARP packets, which creates a large ARP table that exhausts memory, aka Bug ID CSCsc16644.
CVE-2005-1269 2 Redhat, Rob Flynn 2 Enterprise Linux, Gaim 2026-04-16 N/A
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.
CVE-2005-1278 2 Lbl, Redhat 2 Tcpdump, Enterprise Linux 2026-04-16 N/A
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
CVE-2006-0357 1 Grant Averett 1 Cerberus Ftp Server 2026-04-16 N/A
Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.
CVE-2005-1284 1 Argosoft 1 Argosoft Mail Server 2026-04-16 N/A
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
CVE-2005-1288 1 Asp Press 1 Acs Blog 2026-04-16 N/A
inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.
CVE-2006-0358 1 Powerportal 1 Powerportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE: This issue might overlap CVE-2004-0663.2.
CVE-1999-1585 1 Sun 1 Sunos 2026-04-16 N/A
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with physical access to gain root privileges.
CVE-2005-1289 1 E-cart 1 E-cart 2026-04-16 N/A
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
CVE-2005-1292 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.
CVE-2005-1311 1 Yappa-ng 1 Yappa-ng 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.