Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1220 1 Knusperleicht 1 Shoutbox Script 2026-04-16 N/A
Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.
CVE-2005-1322 1 Horde 1 Nag 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
CVE-2005-1344 1 Apache 1 Http Server 2026-04-16 N/A
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2005-1347 1 Adobe 1 Acrobat Reader 2026-04-16 N/A
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED.
CVE-2005-1358 1 Text.cgi 1 Text.cgi 2026-04-16 N/A
text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2005-1368 1 Linux 1 Linux Kernel 2026-04-16 N/A
The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.
CVE-2005-1373 1 Dream4 1 Koobi Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.
CVE-2005-1375 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.
CVE-2005-1377 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.
CVE-2005-1381 1 Oracle 1 Application Server Web Cache 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVE-2005-1382 1 Oracle 1 Application Server Web Cache 2026-04-16 N/A
The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.
CVE-2005-1384 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
CVE-2005-1385 1 Apple 1 Safari 2026-04-16 N/A
Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.
CVE-2005-1387 1 Kristofer Szymanski 1 Cocktail 2026-04-16 N/A
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.
CVE-2005-1388 1 Survivor 1 Survivor 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-1428 1 Uapplication 1 Uphotogallery 2026-04-16 N/A
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.
CVE-2005-2517 1 Apple 2 Mac Os X, Safari 2026-04-16 N/A
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
CVE-2005-2523 1 Apple 2 Mac Os X, Weblog Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2556 1 Mantis 1 Mantis 2026-04-16 N/A
core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.
CVE-2005-2568 1 Syscp Team 1 Syscp 2026-04-16 N/A
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.