Search Results (363371 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2110 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
CVE-2005-3168 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
CVE-2005-2111 1 Community Link Pro Web Editor 1 Community Link Pro Web Editor 2026-04-16 N/A
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
CVE-2005-2112 1 Xoops 1 Xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
CVE-2005-2139 1 Pavsta 1 Pavsta Auto Site 2026-04-16 N/A
PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter.
CVE-2005-2140 1 Fsboard 1 Fsboard 2026-04-16 N/A
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
CVE-2005-2141 1 Jollybox.de 1 Tcp Chat 2026-04-16 N/A
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.
CVE-2005-3171 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
CVE-2005-2142 1 Kmint21 Software 1 Golden Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
CVE-2005-3172 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
CVE-2005-2144 1 Prevx 1 Prevx Pro 2005 2026-04-16 N/A
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
CVE-2005-2145 1 Prevx 1 Prevx Pro 2005 2026-04-16 N/A
The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message.
CVE-2005-3173 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
CVE-2005-3174 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
CVE-2005-2146 1 Ssh 1 Tectia Server 2026-04-16 N/A
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
CVE-2005-3175 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
CVE-2005-3176 1 Microsoft 1 Windows 2000 2026-04-16 N/A
Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
CVE-2005-2148 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php.
CVE-2005-2149 1 The Cacti Group 1 Cacti 2026-04-16 N/A
config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks.
CVE-2005-3180 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does not properly clear memory from a previously used packet whose length is increased, which allows remote attackers to obtain sensitive information.