Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1558 1 Neteyes 1 Nexusway 2026-04-16 N/A
The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.
CVE-2005-0273 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
CVE-2000-0707 1 Pccs-linux 1 Mysqldatabase Admin Tool 2026-04-16 N/A
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
CVE-2005-0278 1 3com 1 3cdaemon 2026-04-16 N/A
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
CVE-2005-4721 1 The Media Shoppe Berhad 1 Tmspublisher 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-0279 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.
CVE-2005-0281 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.
CVE-2005-4723 2 D-link, Dlink 4 Di-524, Di-784, Di-524 and 1 more 2026-04-16 N/A
D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment.
CVE-2005-0286 1 Emotion 1 Mediapartner Web Server 2026-04-16 N/A
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file.
CVE-2005-4727 1 Martin Bauer 1 Gbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.
CVE-2005-0295 1 Inca 1 Nprotect Gameguard 2026-04-16 N/A
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges.
CVE-2005-4729 1 Vbzoom 1 Vbzoom 2026-04-16 N/A
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
CVE-2000-0591 1 Novell 1 Bordermanager 2026-04-16 N/A
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
CVE-2005-4743 1 Nelogic Technologies 1 Nephp Publisher 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.
CVE-2005-0296 1 Novell 2 Groupwise, Groupwise Webaccess 2026-04-16 N/A
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page. NOTE: the vendor has disputed this issue
CVE-2005-4772 1 Suse 5 Suse Linux, Suse Linux Openexchange Server, Suse Linux School Server and 2 more 2026-04-16 N/A
liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.
CVE-2005-0314 1 Amax Information Technologies 1 Magic Winmail Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.
CVE-2005-4777 1 Tashcom 1 Aspedit 2026-04-16 N/A
Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password.
CVE-2005-0316 1 Webwasher 1 Webwasher Classic 2026-04-16 N/A
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
CVE-2005-4780 1 Fidra Software 1 Lighthouse Cms 2026-04-16 3.7 Low
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED