Export limit exceeded: 367154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367154 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2013 1 Php Arena 1 Pafaq 2026-04-16 N/A
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords.
CVE-2005-2014 1 Php Arena 1 Pafaq 2026-04-16 N/A
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack.
CVE-2005-2017 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
CVE-2005-2019 1 Freebsd 1 Freebsd 2026-04-16 N/A
ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions.
CVE-2005-2020 1 3com 1 3c15100d 2026-04-16 N/A
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
CVE-2005-2021 1 Cpanel 1 Cpanel 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page.
CVE-2005-2022 1 Sun 2 Iplanet Messaging Server, One Messaging Server 2026-04-16 N/A
Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.
CVE-2005-2023 1 Suse 1 Suse Linux 2026-04-16 N/A
The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.
CVE-2005-2024 1 Vipul 1 Razor-agents 2026-04-16 N/A
Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.
CVE-2005-2025 1 Cisco 8 Vpn 3000 Concentrator, Vpn 3000 Concentrator Series Software, Vpn 3005 Concentrator Software and 5 more 2026-04-16 N/A
Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to determine valid groupnames by sending an IKE Aggressive Mode packet with the groupname in the ID field, which generates a response if the groupname is valid, but does not generate a response for an invalid groupname.
CVE-2005-2027 1 Enterasys 1 Vertical Horizon-2402s 2026-04-16 N/A
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
CVE-2005-2028 1 Mercuryboard 1 Mercuryboard Message Board 2026-04-16 N/A
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.
CVE-2005-2029 1 Amarok 1 Web Frontend 2026-04-16 N/A
amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.
CVE-2005-2030 1 Ultimate Php Board 1 Ultimate Php Board 2026-04-16 N/A
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.
CVE-2005-2031 1 Socialmpn 1 Socialmpn 2026-04-16 N/A
Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.
CVE-2005-2032 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.
CVE-2005-2033 1 Blue-collar Productions 1 I-gallery 2026-04-16 N/A
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.
CVE-2005-2034 1 Blue-collar Productions 1 I-gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter.
CVE-2005-2035 1 Cool Cafe Chat 1 Cool Cafe Chat 2026-04-16 N/A
SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.
CVE-2005-1569 1 Directtopics 1 Directtopics 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.