Export limit exceeded: 365399 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365399 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0401 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."
CVE-2000-0423 1 Netwin 1 Dnews 2026-04-16 N/A
Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers to execute arbitrary commands via long parameters such as group, cmd, and utag.
CVE-2005-0420 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application.
CVE-2000-0952 1 Shigio Yamaguchi 1 Global 2026-04-16 N/A
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2000-0977 1 Oatmeal Studios 1 Mail File 2026-04-16 N/A
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
CVE-2005-0421 1 Delphiturk 1 Delphiturk Ftp 2026-04-16 N/A
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.
CVE-2005-0422 1 Delphiturk 1 Codebank 2026-04-16 N/A
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
CVE-2005-0439 1 Stefan Ritt 1 Elog Web Logbook 2026-04-16 N/A
Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.
CVE-2001-0135 1 Ultrascripts 1 Ultraboard 2026-04-16 N/A
The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs.
CVE-2005-0449 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.
CVE-2005-0452 1 Microsoft 1 Asp.net 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<".
CVE-2005-0453 1 Lighttpd 1 Lighttpd 2026-04-16 N/A
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
CVE-2005-0454 1 Codeworx Technologies 1 Dcp-portal 2026-04-16 N/A
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.
CVE-2001-1196 1 Webmin 1 Webmin 2026-04-16 N/A
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
CVE-2002-0263 1 Ezne.net 1 Ezboard 2000 2026-04-16 N/A
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
CVE-2005-0457 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory.
CVE-2005-0458 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.
CVE-2005-0459 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.
CVE-2002-0955 1 Yabb 1 Yabb 2026-04-16 N/A
Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulletin Board (YaBB) 1 Gold SP1 and earlier allows remote attackers to execute arbitrary script as other web site visitors via script in the num parameter, which is not filtered in the resulting error message.
CVE-2005-0460 1 Mercuryboard 1 Mercuryboard 2026-04-16 N/A
index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter.