Export limit exceeded: 364105 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364105 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4214 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
CVE-2005-4216 1 Macromedia 1 Flash Media Server 2026-04-16 N/A
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
CVE-2005-3776 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
CVE-2005-3774 1 Cisco 1 Pix 2026-04-16 N/A
Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not produce a valid connection with the end system, including (1) SYN packets with invalid checksums, which do not result in a RST; or, from an external interface, (2) one byte of "meaningless data," or (3) a TTL that is one less than needed to reach the internal destination.
CVE-2004-1203 1 Phpcms 1 Phpcms 2026-04-16 N/A
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
CVE-2005-3773 1 Joomla 1 Joomla 2026-04-16 N/A
Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."
CVE-2003-1346 1 D-link 1 Dwl-900ap\+ 2026-04-16 N/A
D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.
CVE-2005-3771 1 Joomla 1 Joomla 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".
CVE-2005-3349 1 Gnu 1 Gnump3d 2026-04-16 N/A
GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file.
CVE-2005-2504 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
CVE-2005-3351 2 Apache, Redhat 2 Spamassassin, Enterprise Linux 2026-04-16 N/A
SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl.
CVE-2005-2513 1 Apple 1 Mac Os X 2026-04-16 N/A
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
CVE-2005-3353 2 Php, Redhat 2 Php, Enterprise Linux 2026-04-16 N/A
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
CVE-2005-2514 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
CVE-2005-3360 1 Trend Micro 1 Pc-cillin 2005 2026-04-16 N/A
The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 build 1244, and probably previous versions, uses insecure default ACLs, which allows local users to cause a denial of service (disabled service) and gain system privileges by modifying or moving critical program files.
CVE-2005-3361 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
CVE-2005-2516 1 Apple 2 Mac Os X, Safari 2026-04-16 N/A
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
CVE-2005-3367 1 Sparkleblog 1 Sparkleblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
CVE-2005-2520 1 Apple 1 Mac Os X 2026-04-16 N/A
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
CVE-2005-3370 1 Arcavir 1 Arcavir 2005 2026-04-16 N/A
Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."