Export limit exceeded: 20048 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1654 1 Hostingcontroller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
CVE-2005-1655 1 Aol 1 Instant Messenger 2026-04-16 N/A
AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag.
CVE-2005-1656 1 Mercur 1 Mercur Messaging 2026-04-16 N/A
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20").
CVE-2005-1657 1 Mercur 1 Mercur Messaging 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml.
CVE-2005-1658 1 Myserver 1 Myserver 2026-04-16 N/A
Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot).
CVE-2005-1659 1 Myserver 1 Myserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event.
CVE-2005-1660 1 Htmljunction 1 Ezguestbook 2026-04-16 N/A
HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password.
CVE-2005-1661 1 Jeuce 1 Jeuce Personal Web Server 2026-04-16 N/A
Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow.
CVE-2005-1662 1 Jeuce 1 Jeuce Personal Web Server 2026-04-16 N/A
Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2005-1664 1 Microsoft 1 Asp.net 2026-04-16 N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
CVE-2005-1665 1 Microsoft 1 Asp.net 2026-04-16 N/A
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.
CVE-2005-1666 1 Orenosv 1 Orenosv Http Ftp Server 2026-04-16 N/A
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
CVE-2005-1667 1 Datatrac 1 Activity Console 2026-04-16 N/A
DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request.
CVE-2005-1668 1 Yusasp 1 Web Asset Manager 2026-04-16 N/A
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp.
CVE-2005-1669 1 Opera 1 Opera Browser 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
CVE-2005-1670 1 Extremenetworks 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos 2026-04-16 N/A
Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands.
CVE-2005-1671 1 Yahoo 1 Messenger 2026-04-16 N/A
The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users.
CVE-2005-1672 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket.
CVE-2005-1673 1 Ubertec 1 Help Center Live 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php.
CVE-2005-1674 1 Helpcenterlive 1 Help Center Live 2026-04-16 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php.