Search Results (366715 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0421 1 Delphiturk 1 Delphiturk Ftp 2026-04-16 N/A
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
CVE-2005-0422 1 Delphiturk 1 Codebank 2026-04-16 N/A
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
CVE-2005-0424 1 Aspjar 1 Aspjar Guestbook 2026-04-16 N/A
Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730.
CVE-2005-0425 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.
CVE-2005-0426 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.
CVE-2005-0427 1 Gentoo 1 Webmin 2026-04-16 N/A
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
CVE-2005-0428 1 Powerdns 1 Powerdns 2026-04-16 N/A
The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.
CVE-2005-0429 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.
CVE-2005-0430 1 Id Software 1 Quake 3 Engine 2026-04-16 N/A
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
CVE-2005-0431 1 Barracuda Networks 1 Barracuda Spam Firewall 2026-04-16 N/A
Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.
CVE-2005-0432 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.
CVE-2005-0433 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.
CVE-2005-0434 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation.
CVE-2005-0435 1 Awstats 1 Awstats 2026-04-16 N/A
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
CVE-2005-0436 1 Awstats 1 Awstats 2026-04-16 N/A
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.
CVE-2005-0437 1 Awstats 1 Awstats 2026-04-16 N/A
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.
CVE-2005-0438 1 Awstats 1 Awstats 2026-04-16 N/A
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.
CVE-2005-0439 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.
CVE-2005-0440 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.
CVE-2005-0441 1 Sybase 1 Adaptive Server Enterprise 2026-04-16 N/A
Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.