Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3306 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307.
CVE-2005-3309 1 Zomplog 1 Zomplog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php.
CVE-2004-0479 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference.
CVE-2005-3315 1 Novell 1 Zenworks Patch Management Server 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.
CVE-2005-3321 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-04-16 N/A
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
CVE-2005-3328 1 Punbb 1 Punbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
CVE-2005-3331 1 Rogers Software Source 1 Mgdiff Patch Viewer 2026-04-16 N/A
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-0575 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
CVE-2004-0577 1 Qbik 1 Wingate 2026-04-16 N/A
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
CVE-2005-3393 1 Openvpn 2 Openvpn, Openvpn Access Server 2026-04-16 N/A
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
CVE-2005-3396 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.
CVE-2004-0580 1 Linksys 12 Befcmu10, Befn2ps4, Befsr11 and 9 more 2026-04-16 N/A
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
CVE-2004-0583 3 Debian, Usermin, Webmin 3 Debian Linux, Usermin, Webmin 2026-04-16 N/A
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
CVE-2005-3402 1 Mozilla 1 Thunderbird 2026-04-16 N/A
The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.
CVE-2004-0590 3 Frees Wan, Openswan, Strongswan 4 Frees Wan, Super Frees Wan, Openswan and 1 more 2026-04-16 N/A
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
CVE-2005-3408 1 Greg Neustaetter 1 Gcards 2026-04-16 N/A
SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.
CVE-2005-3411 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.
CVE-2004-0601 1 Distcc 1 Distcc 2026-04-16 N/A
distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions.
CVE-2005-3412 1 Elite Forum 1 Elite Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
CVE-2004-0603 1 Gnu 1 Gzip 2026-04-16 N/A
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.