Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1497 1 Mywebland 1 Mybloggie 2026-04-16 N/A
index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.
CVE-2005-1498 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message. NOTE: issues 2, 3, and 4 may be due to a problem in associated products rather than myBloggie itself.
CVE-2005-1500 1 Mywebland 1 Mybloggie 2026-04-16 N/A
Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php. NOTE: item (1) was discovered to affect 2.1.3 as well.
CVE-2005-1501 1 Midicart Software 1 Midicart Php Shopping Cart 2026-04-16 N/A
MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.
CVE-2005-1502 1 Midicart Software 1 Midicart Php Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
CVE-2005-1503 1 Midicart Software 1 Midicart Php Shopping Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.
CVE-2005-1504 1 Gamespy 1 Cd-key Validation System 2026-04-16 N/A
GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.
CVE-2005-1505 1 Apple 1 Mail 2026-04-16 N/A
The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.
CVE-2005-1506 1 Cj 1 Ultra Plus 2026-04-16 N/A
SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.
CVE-2005-1507 1 4d 1 Webstar 2026-04-16 N/A
Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
CVE-2005-1508 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
CVE-2005-1509 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1510 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.
CVE-2005-1511 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie.
CVE-2005-1512 1 Pwsphp 1 Pwsphp 2026-04-16 N/A
The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.
CVE-2005-1513 3 Canonical, Debian, Qmail Project 3 Ubuntu Linux, Debian Linux, Qmail 2026-04-16 9.8 Critical
Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.
CVE-2005-1514 1 Dan Bernstein 1 Qmail 2026-04-16 N/A
commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.
CVE-2005-1515 1 Dan Bernstein 1 Qmail 2026-04-16 N/A
Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.
CVE-2005-1516 1 Netwin 1 Dmail 2026-04-16 N/A
DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.
CVE-2005-1517 1 Cisco 1 Firewall Services Module 2026-04-16 N/A
Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).