Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0739 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
CVE-2005-4723 2 D-link, Dlink 4 Di-524, Di-784, Di-524 and 1 more 2026-04-16 N/A
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
CVE-2005-0286 1 Emotion 1 Mediapartner Web Server 2026-04-16 N/A
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
CVE-2005-4727 1 Martin Bauer 1 Gbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.
CVE-2005-0295 1 Inca 1 Nprotect Gameguard 2026-04-16 N/A
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.
CVE-2005-4729 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
CVE-2000-0591 1 Novell 1 Bordermanager 2026-04-16 N/A
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
CVE-2005-4743 1 Nelogic Technologies 1 Nephp Publisher 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.
CVE-2005-0296 1 Novell 2 Groupwise, Groupwise Webaccess 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
CVE-2005-4772 1 Suse 5 Suse Linux, Suse Linux Openexchange Server, Suse Linux School Server and 2 more 2026-04-16 N/A
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
CVE-2005-0314 1 Amax Information Technologies 1 Magic Winmail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
CVE-2005-4777 1 Tashcom 1 Aspedit 2026-04-16 N/A
Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password.
CVE-2005-0316 1 Webwasher 1 Webwasher Classic 2026-04-16 N/A
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
CVE-2005-4780 1 Fidra Software 1 Lighthouse Cms 2026-04-16 3.7 Low
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED
CVE-2005-4785 1 Jl Webworks 1 Quickblogger 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section.
CVE-2005-0322 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.
CVE-2005-4786 1 Hauri 3 Hauri Livecall, Virobot, Vrazmain.dll 2026-04-16 N/A
Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename.
CVE-2005-0330 1 People Can Fly 1 Painkiller 2026-04-16 N/A
Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.
CVE-2005-4791 1 Novell 1 Suse Linux 2026-04-16 N/A
Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.
CVE-2005-0336 1 Emotion 1 Mediapartner Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML.