Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3310 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
CVE-2005-3323 2 Debian, Zope 2 Debian Linux, Zope 2026-04-16 N/A
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
CVE-2004-0049 1 Realnetworks 2 Helix Universal Mobile Server, Helix Universal Server 2026-04-16 N/A
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
CVE-2005-2487 1 Mcdata 4 Intrepid 6064 Director Switch, Intrepid 6140 Director Switch, Sphereon 4300 Fabric Switch and 1 more 2026-04-16 N/A
Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.
CVE-2004-0059 1 Lionmax Software 1 Www File Share Pro 2026-04-16 N/A
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
CVE-2004-0065 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
CVE-2005-2491 2 Pcre, Redhat 2 Pcre, Enterprise Linux 2026-04-16 N/A
Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.
CVE-2005-2496 2 Dave Mills, Redhat 2 Ntpd, Enterprise Linux 2026-04-16 N/A
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
CVE-2005-2505 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
CVE-2004-0068 1 Phpdig.net 1 Phpdig 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
CVE-2004-0069 1 Hd Soft 1 Windows Ftp Server 2026-04-16 N/A
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.
CVE-2005-2506 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
CVE-2004-0073 1 Stoitsov 1 Easydynamicpages 2026-04-16 N/A
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
CVE-2005-2535 1 Broadcom 4 Arcserve Backup 2000, Brightstor Arcserve Backup, Brightstor Arcserve Backup Hp and 1 more 2026-04-16 N/A
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.
CVE-2004-0082 2 Redhat, Samba 2 Enterprise Linux, Samba 2026-04-16 N/A
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
CVE-2004-0084 3 Openbsd, Redhat, Xfree86 Project 4 Openbsd, Enterprise Linux, Linux and 1 more 2026-04-16 N/A
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
CVE-2004-0089 1 Apple 1 Mac Os X 2026-04-16 N/A
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
CVE-2004-0095 1 Mcafee 1 Epolicy Orchestrator 2026-04-16 N/A
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
CVE-2005-2553 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.
CVE-2005-3356 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.