Search Results (363407 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2290 1 Wps 1 Web Portal System 2026-04-16 N/A
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables.
CVE-2005-2291 1 Oracle 1 Jdeveloper 2026-04-16 N/A
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information.
CVE-2005-3718 1 Utstarcom 1 F1000 Voip Wifi Phone 2026-04-16 N/A
UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication.
CVE-2005-2292 1 Oracle 1 Jdeveloper 2026-04-16 N/A
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords in (1) IDEConnections.xml, (2) XSQLConfig.xml and (3) settings.xml, which allows local users to obtain sensitive information.
CVE-2005-3224 1 Avira 1 Antivir Personal 2026-04-16 N/A
Multiple interpretation error in unspecified versions of AntiVir Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-2293 1 Oracle 1 Forms Builder 2026-04-16 5.5 Medium
Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.
CVE-2005-2294 1 Oracle 1 Forms 2026-04-16 N/A
Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of records are retrieved by an Oracle form, stores a copy of the database tables in a world-readable temporary file, which allows local users to gain sensitive information such as credit card numbers.
CVE-2005-2295 1 Pyrosoft Inc 1 Netpanzer 2026-04-16 N/A
NetPanzer 0.8 and earlier allows remote attackers to cause a denial of service (infinite loop) via a packet with a zero datablock size.
CVE-2005-2298 1 Softwin 1 Bitdefender Engine 2026-04-16 N/A
BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards.
CVE-2005-2299 1 Man And Machine Ltd. 1 Simple Message Board 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Simple Message Board Version 2.0 Beta 1 allow remote attackers to inject arbitrary web script or HTML via the (1) FID parameter to forum.cfm, (2) UID parameter to user.cfm, (3) TID parameter to thread.cfm, or (4) PostDate parameter to search.cfm.
CVE-2005-2300 1 Skype Technologies 1 Skype 2026-04-16 N/A
Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary files via a symlink attack on the skype_profile.jpg temporary file.
CVE-2005-2301 1 Powerdns 1 Powerdns 2026-04-16 N/A
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
CVE-2005-3725 1 Zyxel 1 Prestige 2000w V.1voip Wi-fi Phone 2026-04-16 N/A
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
CVE-2005-3726 1 Interspire 1 Articlelive Nx 2026-04-16 N/A
SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter.
CVE-2005-2306 1 Macromedia 2 Coldfusion, Jrun 2026-04-16 N/A
Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when under heavy load, causes JRun to assign a duplicate authentication token to multiple sessions, which could allow authenticated users to gain privileges as other users.
CVE-2005-2308 1 Microsoft 1 Ie 2026-04-16 N/A
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
CVE-2005-2309 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 8.01 allows remote attackers to cause a denial of service (CPU consumption) via a crafted JPEG image, as demonstrated using random.jpg.
CVE-2005-2310 1 Nullsoft 1 Winamp 2026-04-16 N/A
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVE-2005-2311 1 Sms 1 Sms 2026-04-16 N/A
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
CVE-2005-2312 1 Realnode 1 Emilda 2026-04-16 N/A
management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.