Search Results (366877 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0904 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
CVE-2005-0905 1 Maxthon 1 Maxthon 2026-04-16 N/A
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
CVE-2005-0906 3 Instance Four, Sacred, Ubi Soft 3 Tincat, Sacred, The Settlersheritage Of Kings 2026-04-16 N/A
Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code.
CVE-2005-0907 1 Valdersoft 1 Shopping Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
CVE-2005-0908 1 Valdersoft 1 Valdersoft Shopping Cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to inject arbitrary web script or HTML via (1) the lang parameter to index.php or (2) the searchTopCategoryID parameter to search_result.php.
CVE-2005-0909 1 Tkais Shoutbox 1 Tkais Shoutbox 2026-04-16 N/A
PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter.
CVE-2005-0910 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.
CVE-2005-0911 1 E-xoops 1 E-xoops 2026-04-16 N/A
Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
CVE-2005-0912 1 Deplate 1 Deplate 2026-04-16 N/A
Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
CVE-2005-0913 1 Smarty 1 Smarty 2026-04-16 N/A
Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.
CVE-2005-0914 1 Cpg-nuke 1 Cpg Dragonfly Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
CVE-2005-0915 1 Webmasters-debutants 1 Wd Guestbook 2026-04-16 N/A
Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.
CVE-2005-0916 1 Linux 1 Linux Kernel 2026-04-16 N/A
AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.
CVE-2005-0917 1 Powerdev 1 Encapsbb 2026-04-16 N/A
PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter.
CVE-2005-0918 2 Adobe, Microsoft 2 Svg Viewer, Internet Explorer 2026-04-16 N/A
The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.
CVE-2005-0919 1 Adventia 2 Adventia Chat, Adventia Server Pro 2026-04-16 N/A
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks.
CVE-2005-0920 1 Bugtracker.net 1 Bugtracker.net 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-0921 1 Microsoft 1 Outlook Connector 2026-04-16 N/A
Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
CVE-2005-0462 1 Mercuryboard 1 Mercuryboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and 1.1.x allows remote attackers to inject arbitrary HTML and web script via the f parameter.
CVE-2005-0463 1 Inl 1 Ulog-php 2026-04-16 N/A
Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.