Total
29942 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0700 | 1 Aztek Forum | 1 Aztek Forum | 2026-04-16 | N/A |
| The export_index action in myadmin.php for Aztek Forum 4.0 allows remote attackers to obtain database files, possibly by setting the ATK_ADMIN cookie. | ||||
| CVE-2005-3353 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2026-04-16 | N/A |
| The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image. | ||||
| CVE-1999-0627 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| The rexd service is running, which uses weak authentication that can allow an attacker to execute commands. | ||||
| CVE-2005-2390 | 1 Proftpd Project | 1 Proftpd | 2026-04-16 | N/A |
| Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive. | ||||
| CVE-1999-1205 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information. | ||||
| CVE-2003-0058 | 3 Mit, Redhat, Sun | 6 Kerberos 5, Enterprise Linux, Linux and 3 more | 2026-04-16 | N/A |
| MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference. | ||||
| CVE-2005-2399 | 1 Php Surveyor | 1 Php Surveyor | 2026-04-16 | N/A |
| PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via missing parameters to (1) browse.php, (2) export.php, (3) conditions.php, or (4) spss.php. | ||||
| CVE-2005-2410 | 1 Gnome | 1 Networkmanager | 2026-04-16 | N/A |
| Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call. | ||||
| CVE-2003-1326 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box." | ||||
| CVE-2005-2419 | 1 Eci Telecom | 1 B-focus Router | 2026-04-16 | N/A |
| B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. | ||||
| CVE-2005-2425 | 1 Ares | 1 Fileshare | 2026-04-16 | N/A |
| Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string. | ||||
| CVE-2005-2452 | 1 Libtiff | 1 Libtiff | 2026-04-16 | N/A |
| libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804. | ||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2026-04-16 | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | ||||
| CVE-2005-2477 | 1 Naxtor | 1 Shopping Cart | 2026-04-16 | N/A |
| shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability. | ||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | ||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2026-04-16 | N/A |
| The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | ||||
| CVE-2004-0167 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. | ||||
| CVE-2004-0306 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. | ||||
| CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2026-04-16 | N/A |
| Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. | ||||
| CVE-2005-2541 | 1 Gnu | 1 Tar | 2026-04-16 | 7.0 High |
| Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. | ||||