Export limit exceeded: 365399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0401 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2." | ||||
| CVE-2000-0423 | 1 Netwin | 1 Dnews | 2026-04-16 | N/A |
| Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag. | ||||
| CVE-2005-0420 | 1 Microsoft | 1 Exchange Server | 2026-04-16 | N/A |
| Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. | ||||
| CVE-2000-0952 | 1 Shigio Yamaguchi | 1 Global | 2026-04-16 | N/A |
| global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. | ||||
| CVE-2000-0977 | 1 Oatmeal Studios | 1 Mail File | 2026-04-16 | N/A |
| mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. | ||||
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2026-04-16 | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | ||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2026-04-16 | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | ||||
| CVE-2005-0439 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | ||||
| CVE-2001-0135 | 1 Ultrascripts | 1 Ultraboard | 2026-04-16 | N/A |
| The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. | ||||
| CVE-2005-0449 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||||
| CVE-2005-0452 | 1 Microsoft | 1 Asp.net | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | ||||
| CVE-2005-0453 | 1 Lighttpd | 1 Lighttpd | 2026-04-16 | N/A |
| The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension. | ||||
| CVE-2005-0454 | 1 Codeworx Technologies | 1 Dcp-portal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php. | ||||
| CVE-2001-1196 | 1 Webmin | 1 Webmin | 2026-04-16 | N/A |
| Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. | ||||
| CVE-2002-0263 | 1 Ezne.net | 1 Ezboard 2000 | 2026-04-16 | N/A |
| Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi. | ||||
| CVE-2005-0457 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. | ||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | ||||
| CVE-2005-0459 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. | ||||
| CVE-2002-0955 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message. | ||||
| CVE-2005-0460 | 1 Mercuryboard | 1 Mercuryboard | 2026-04-16 | N/A |
| index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter. | ||||