Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1525 1 The Cacti Group 1 Cacti 2026-04-16 N/A
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1528 1 Qnx 1 Rtos 2026-04-16 N/A
Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.
CVE-2005-1547 1 Bakbone 1 Netvault 2026-04-16 N/A
Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.
CVE-2005-1548 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.
CVE-2005-1544 1 Libtiff 1 Libtiff 2026-04-16 N/A
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
CVE-2005-1545 1 Ht Editor 1 Ht Editor 2026-04-16 N/A
Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.
CVE-2005-1546 1 Ht Editor 1 Ht Editor 2026-04-16 N/A
Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.
CVE-2005-1555 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.
CVE-2005-1556 1 Gamespy 1 Gamespy Sdk Cd-key Validation Toolkit 2026-04-16 N/A
Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.
CVE-2005-1554 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.
CVE-2005-1565 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
CVE-2005-1567 1 Directtopics 1 Directtopics 2026-04-16 N/A
SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.
CVE-2005-1889 1 Sun 1 Java System Web Server 2026-04-16 N/A
Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files.
CVE-2005-1571 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
CVE-2005-1572 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.
CVE-2005-1573 1 Darrel Oneil 1 Asp Virtual News Manager 2026-04-16 N/A
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2005-1575 1 Mozilla 1 Firefox 2026-04-16 N/A
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.
CVE-2005-1577 1 Apg Technology 1 Classmaster 2026-04-16 N/A
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.
CVE-2005-1583 1 1two 1 1two News 2026-04-16 N/A
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.
CVE-2005-1586 1 Open Solution 1 Quick.forum 2026-04-16 N/A
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.