Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1494 1 Megabook 1 Megabook 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.
CVE-2005-1477 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.
CVE-2005-1478 1 Netwin 1 Dmail 2026-04-16 N/A
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.
CVE-2005-1479 1 Jgs-xa 1 Jgs-portal 2026-04-16 N/A
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1480 1 Raiden Professional Servers 1 Raidenftpd 2026-04-16 N/A
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.
CVE-2005-1481 1 Aaronoutpost 1 Asp Inline Corporate Calendar 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp.
CVE-2005-1482 1 Interspire 1 Articlelive 2026-04-16 N/A
ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.
CVE-2005-1483 1 Interspire 1 Articlelive 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.
CVE-2005-1484 1 Kmint21 Software 1 Golden Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.
CVE-2005-1485 1 Kmint21 Software 1 Golden Ftp Server 2026-04-16 N/A
Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.
CVE-2005-1486 1 Fishnet 1 Fishcart 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php. NOTE: the vendor was not able to reproduce some of the reported vectors but believes that they have been addressed. The original researcher is known to be unreliable.
CVE-2005-1487 1 Fishnet 1 Fishcart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable
CVE-2005-1488 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.
CVE-2005-1489 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
CVE-2005-1490 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
CVE-2005-1491 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.
CVE-2005-1492 1 Gossamer Threads 2 Gossamer Threads Links, Gossamer Threads Links-sql 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer Threads Links SQL 2.x and 3.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2005-1493 1 Dead Pirate Software 1 Simplecam 2026-04-16 N/A
Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.
CVE-2005-1495 1 Oracle 3 Application Server, Oracle10g, Oracle9i 2026-04-16 N/A
Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.
CVE-2005-1496 1 Oracle 2 Application Server, Oracle10g 2026-04-16 N/A
The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.