Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2192 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack.
CVE-2005-2193 1 Punbb 1 Punbb 2026-04-16 N/A
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped.
CVE-2005-2195 1 Apple 1 Darwin Streaming Server 2026-04-16 N/A
Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502.
CVE-2005-2197 1 Id Board 1 Id Board 2026-04-16 N/A
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php.
CVE-2005-2198 1 Spid 1 Spid 2026-04-16 N/A
PHP remote file inclusion vulnerability in lang.php in SPiD before 1.3.1 allows remote attackers to execute arbitrary code via the lang_path parameter.
CVE-2005-2199 1 Skrypty 1 Ppa Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in inc/functions.inc.php in PPA web photo gallery 0.5.6 allows remote attackers to execute arbitrary code via the config[ppa_root_path] variable.
CVE-2005-2201 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
CVE-2005-2202 1 Xerox 3 Workcentre 2128, Workcentre 2636, Workcentre 3545 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-2204 1 Broadcom 1 Etrust Siteminder 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the "CSSChecking" parameter is set to "NO," allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors.
CVE-2005-2205 1 Pngren 1 Pngren 2026-04-16 N/A
The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
CVE-2005-2207 1 Elemental Software 1 Cartwiz 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-2208 1 Privashare 1 Privashare 2026-04-16 N/A
PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message.
CVE-2005-2211 1 Sukria 1 Backup Manager 2026-04-16 N/A
Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR.
CVE-2005-2212 1 Sukria 1 Backup Manager 2026-04-16 N/A
Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.
CVE-2005-2213 1 Mms Ripper 1 Mms Ripper 2026-04-16 N/A
Buffer overflow in the mms_interp_header function in mms.c in MMS Ripper before 0.6.4 might allow remote attackers to execute arbitrary code via a file with more than 20 streams.
CVE-2005-2214 1 Debian 1 Apt-setup 2026-04-16 N/A
apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-2215 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
CVE-2005-2216 1 Photogal 1 Photogal Photo Gallery 2026-04-16 N/A
PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter.
CVE-2005-2217 1 Craig Dansie 1 Dansie Shopping Cart 2026-04-16 N/A
Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.
CVE-2005-2218 1 Freebsd 1 Freebsd 2026-04-16 N/A
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.