Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3557 1 Tincan 1 Phplist 2026-04-16 N/A
Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request.
CVE-2005-3551 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file.
CVE-2005-3576 1 Walla Telesite 1 Walla Telesite 2026-04-16 N/A
ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.
CVE-2005-3574 1 Icms Content Management Systems 1 Icms 2026-04-16 N/A
PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.
CVE-2005-3582 1 Imagemagick 1 Imagemagick 2026-04-16 N/A
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
CVE-2005-3581 1 Gdal 1 Gdal 2026-04-16 N/A
GDAL before 1.3.0-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
CVE-2005-3583 1 Sun 2 Jre, Sdk 2026-04-16 N/A
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.
CVE-2005-3595 1 Microsoft 1 Windows Xp 2026-04-16 N/A
By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer.
CVE-2005-3630 1 Redhat 1 Fedora Core 2026-04-16 N/A
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.
CVE-2005-3635 1 Sap 1 Sap Web Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application.
CVE-2005-3636 1 Sap 1 Sap Web Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages.
CVE-2005-3638 1 Ekinboard 1 Ekinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
CVE-2005-3649 1 Moodle 1 Moodle 2026-04-16 N/A
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
CVE-2005-3657 1 Mcafee 2 Mcinsctl.dll, Virusscan Security Center 2026-04-16 N/A
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
CVE-2005-3665 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVE-2005-4303 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
CVE-2005-4309 1 Scriptscenter 1 Ezupload Pro 2026-04-16 N/A
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-2005-4312 1 Almondsoft 1 Almond Classifieds 2026-04-16 N/A
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4314 1 Ppcal Shopping Cart 1 Ppcal Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
CVE-2005-4324 1 Hitachi 1 Groupmax Mail Smtp 2026-04-16 N/A
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."