Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0235 8 Clearswift, F-secure, Rarlab and 5 more 15 Mailsweeper, F-secure Anti-virus, F-secure For Firewalls and 12 more 2026-04-16 N/A
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
CVE-2005-2803 1 Hiki 1 Hiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336.
CVE-2005-2809 1 Silc 1 Secure Internet Live Conferencing 2026-04-16 N/A
silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file.
CVE-2005-2810 1 Urban 1 Urban 2026-04-16 N/A
Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.
CVE-2005-2813 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
CVE-2005-2843 1 Helpdesk Software 1 Hesk 2026-04-16 N/A
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.
CVE-2004-0284 1 Microsoft 3 Ie, Internet Explorer, Outlook 2026-04-16 N/A
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
CVE-2004-0286 1 Robotftp 1 Robotftp Server 2026-04-16 N/A
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.
CVE-2005-2844 1 Indiatimes Messenger 1 Indiatimes Messenger 2026-04-16 N/A
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
CVE-2004-0324 1 Confirm 1 Confirm 2026-04-16 N/A
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
CVE-2004-0334 1 Innomedia 1 Innomedia Videophone 2026-04-16 N/A
InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error.
CVE-2005-2925 1 Sgi 1 Irix 2026-04-16 N/A
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
CVE-2005-2956 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files.
CVE-2005-2958 1 Gnome 1 Libgda2 2026-04-16 N/A
Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.
CVE-2005-2969 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Network Satellite and 1 more 2026-04-16 N/A
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
CVE-2005-2977 2 Pam, Redhat 2 Pam, Enterprise Linux 2026-04-16 N/A
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
CVE-2005-2985 1 Aewebworks 1 Aedating 2026-04-16 N/A
SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter.
CVE-2005-2152 1 Geeklog 1 Geeklog 2026-04-16 N/A
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
CVE-2005-2161 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags.
CVE-2005-3221 1 Fortinet 1 Fortinet Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Fortinet Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.