Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2830 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS proxy server that requires Basic Authentication, sends URLs in cleartext, which allows remote attackers to obtain sensitive information, aka "HTTPS Proxy Vulnerability."
CVE-2005-2987 1 Digital Scribe 1 Digital Scribe 2026-04-16 N/A
SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter.
CVE-2005-2996 1 Symantec Veritas 2 Storage Exec, Storagecentral 2026-04-16 N/A
Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls.
CVE-2006-3270 1 Thorcms 1 Thorcms 2026-04-16 N/A
SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2000-0630 1 Microsoft 2 Internet Information Server, Internet Information Services 2026-04-16 N/A
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
CVE-2005-3020 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php.
CVE-2005-3024 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
CVE-2005-3025 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
CVE-2000-0800 1 Suse 1 Suse Linux 2026-04-16 N/A
String parsing error in rpc.kstatd in the linuxnfs or knfsd packages in SuSE and possibly other Linux systems allows remote attackers to gain root privileges.
CVE-2005-3043 1 Mall23 1 Mall23 2026-04-16 N/A
SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter.
CVE-2005-3044 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.
CVE-2005-3066 1 Scriptsolutions 1 Perldiver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged.
CVE-2003-1066 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
CVE-2005-3076 1 Simplog 1 Simplog 2026-04-16 N/A
Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php.
CVE-2003-1071 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users to send messages to logged on users that appear to come from arbitrary user IDs by closing stderr before executing wall, then supplying a spoofed from header.
CVE-2003-1072 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Memory leak in lofiadm in Solaris 8 allows local users to cause a denial of service (kernel memory consumption).
CVE-2005-3182 1 Gfi 1 Mailsecurity 2026-04-16 N/A
Buffer overflow in the HTTP management interface for GFI MailSecurity 8.1 allows remote attackers to execute arbitrary code via long headers such as (1) Host and (2) Accept in HTTP requests. NOTE: the vendor suggests that this issues is "in an underlying Microsoft technology" which, if true, could mean that the overflow affects other products as well.
CVE-2005-3186 3 Gnome, Gtk, Redhat 3 Gdkpixbuf, Gtk\+, Enterprise Linux 2026-04-16 N/A
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer overflow.
CVE-2004-2259 2 Beasts, Redhat 2 Vsftpd, Enterprise Linux 2026-04-16 N/A
vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.
CVE-2005-1760 1 Redhat 4 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation and 1 more 2026-04-16 N/A
sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges.