Search Results (362097 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1485 1 Kmint21 Software 1 Golden Ftp Server 2026-04-16 N/A
Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.
CVE-2006-2473 1 Openwiki 1 Openwiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ow.asp in OpenWiki 0.78 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: this issue has been disputed by the vendor and a third party who is affiliated with the product. The vendor states "You cannot insert code in a wikipage or via URL parameters as they are all escaped before usage, so nothing can be compromised at other sites.
CVE-2005-1488 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.
CVE-2005-1489 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.
CVE-2005-1490 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.
CVE-2006-2476 1 Bitrix 1 Bitrix Site Manager 2026-04-16 N/A
Bitrix Site Manager 4.1.x stores updater.log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.
CVE-2005-1518 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.
CVE-2005-1519 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
CVE-2005-1525 1 The Cacti Group 1 Cacti 2026-04-16 N/A
SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-1543 1 Novell 5 Zenworks, Zenworks Desktops, Zenworks Remote Management and 2 more 2026-04-16 N/A
Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests.
CVE-2005-1553 1 Geovision 1 Digital Surveillance System 2026-04-16 N/A
GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.
CVE-2005-1558 1 Neteyes 1 Nexusway 2026-04-16 N/A
The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.
CVE-2005-1559 1 Neteyes 1 Nexusway 2026-04-16 N/A
The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.
CVE-2005-1561 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.
CVE-2005-1562 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.
CVE-2005-1565 1 Mozilla 1 Bugzilla 2026-04-16 N/A
Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.
CVE-2005-1571 1 Wenig And Spitzer-williams 1 Showoff Digital Media Software 2026-04-16 N/A
Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.
CVE-2005-1573 1 Darrel Oneil 1 Asp Virtual News Manager 2026-04-16 N/A
SQL injection vulnerability in admin_login.asp for ASP Virtual News Manager allows remote attackers to execute arbitrary SQL commands via the password parameter.
CVE-2005-1574 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
Windows Media Player 9 and 10, in certain cases, allows content protected by Windows Media Digital Rights Management (WMDRM) to redirect the user to a web site to obtain a license, even when the "Acquire licenses automatically for protected content" setting is not enabled.
CVE-2005-1577 1 Apg Technology 1 Classmaster 2026-04-16 N/A
APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.