Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1396 1 Swlink 1 Ce Ceterm 2026-04-16 N/A
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
CVE-2005-1397 1 Php-calendar 1 Php-calendar 2026-04-16 N/A
SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-1398 1 Phpcart 1 Phpcart 2026-04-16 N/A
phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters. NOTE: it was later reported that 3.4 through 4.6.4 are also affected.
CVE-2005-1399 1 Freebsd 1 Freebsd 2026-04-16 N/A
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.
CVE-2005-1400 1 Freebsd 1 Freebsd 2026-04-16 N/A
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
CVE-2005-1401 1 Mtp-target 1 Mtp-target 2026-04-16 N/A
Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.
CVE-2005-1402 1 Mtp-target 1 Mtp-target 2026-04-16 N/A
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.
CVE-2005-1403 1 Just Williams 1 Amazon Webstore 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
CVE-2005-1404 1 Myphp Forum 1 Myphp Forum 2026-04-16 N/A
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.
CVE-2005-1405 1 Ibm 1 Lotus Notes 2026-04-16 N/A
HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.
CVE-2005-1406 1 Freebsd 1 Freebsd 2026-04-16 N/A
The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.
CVE-2005-1407 1 Skype Technologies 1 Skype 2026-04-16 N/A
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
CVE-2005-1408 1 Apple 1 Keynote 2026-04-16 N/A
Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary files via the keynote: URI handler in a crafted Keynote presentation.
CVE-2005-1409 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
CVE-2005-1410 3 Postgresql, Redhat, Trustix 3 Postgresql, Enterprise Linux, Secure Linux 2026-04-16 N/A
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
CVE-2005-1411 1 Cybration 1 Icuii 2026-04-16 N/A
Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges.
CVE-2005-1412 1 Ecomm 1 Professional Guestbook 2026-04-16 N/A
SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.
CVE-2005-1413 1 Envivosoft 1 Envivo Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.
CVE-2005-1414 1 Exoticsoft 1 Filepocket 2026-04-16 N/A
ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.
CVE-2005-1415 1 Globalscape 1 Secure Ftp Server 2026-04-16 N/A
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.