Search Results (366787 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0260 1 Broadcom 1 Brightstor Arcserve Backup 2026-04-16 N/A
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
CVE-2005-0261 1 Ibm 1 Aix 2026-04-16 N/A
lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop privileges before processing the -f option, which allows local users to read one line of arbitrary files.
CVE-2005-0262 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
CVE-2005-0265 1 Owl 1 Owl Intranet Engine 2026-04-16 N/A
Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.
CVE-2005-0266 1 Sugarcrm 1 Sugarcrm 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter.
CVE-2005-0267 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.
CVE-2005-0268 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.
CVE-2005-0269 1 Sir 1 Gnuboard 2026-04-16 9.8 Critical
The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.
CVE-2005-0270 1 Photopost 1 Reviewpost Php Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
CVE-2005-0271 1 Photopost 1 Reviewpost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.
CVE-2005-0272 1 Photopost 1 Reviewpost Php Pro 2026-04-16 N/A
ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.
CVE-2005-0273 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
CVE-2005-0274 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters.
CVE-2005-0275 1 3com 1 3cdaemon 2026-04-16 N/A
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
CVE-2005-0276 1 3com 1 3cdaemon 2026-04-16 N/A
Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.
CVE-2005-0277 1 3com 1 3cdaemon 2026-04-16 N/A
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
CVE-2005-0278 1 3com 1 3cdaemon 2026-04-16 N/A
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
CVE-2005-0279 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.
CVE-2005-0280 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message.
CVE-2005-0281 1 Jowood Productions 1 Soldner Secret Wars 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.