Search Results (363335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3049 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file.
CVE-2005-3050 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message.
CVE-2005-3051 1 Igor Pavlov 1 7-zip 2026-04-16 N/A
Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for 7-Zip 3.13, 4.23, and 4.26 BETA, as used in products including Turbo Searcher, allows remote attackers to execute arbitrary code via a large ARJ block.
CVE-2005-3052 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php.
CVE-2005-3053 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.
CVE-2001-0937 1 Matt Wright 1 Pgpmail.pl 2026-04-16 N/A
PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) recipient or (2) pgpuserid parameters.
CVE-2002-1890 1 Redhat 1 Rhmask 2026-04-16 N/A
rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbitrary files via a symlink attack on the mask file.
CVE-2005-3054 1 Php 1 Php 2026-04-16 N/A
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
CVE-2005-3055 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2026-04-16 N/A
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
CVE-2005-3057 1 Fortinet 2 Fortigate, Fortios 2026-04-16 N/A
The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.
CVE-2005-3058 1 Fortinet 2 Fortigate, Fortios 2026-04-16 N/A
Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.
CVE-2005-3059 3 Linux, Microsoft, Opera 3 Linux Kernel, Windows, Opera Browser 2026-04-16 N/A
Multiple unspecified vulnerabilities in Opera 8.50 on Linux and Windows have unknown impact and attack vectors, related to (1) " handling of must-revalidate cache directive for HTTPS pages" or (2) a "display issue with cookie comment encoding."
CVE-2005-3060 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.
CVE-2005-3653 2 Broadcom, Ca 34 Brightstor Arcserve Backup, Brightstor Arcserve Backup Laptops Desktops, Brightstor Portal and 31 more 2026-04-16 N/A
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVE-2005-3061 1 Powerarchiver 4 Powerarchiver 2002, Powerarchiver 2003, Powerarchiver 2004 and 1 more 2026-04-16 N/A
Multiple stack-based buffer overflows in PowerArchiver 8.10 through 9.5 Beta 4 and Beta 5 allow remote attackers to execute arbitrary code via a long filename in a (1) ACE or (2) ARJ archive.
CVE-2005-3062 1 Alstrasoft 1 E-friends 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter.
CVE-2005-3063 1 Unu Networks 1 Mailgust 2026-04-16 N/A
SQL injection vulnerability in MailGust 1.9 allows remote attackers to execute arbitrary SQL commands via the email field on the password reminder page.
CVE-2005-1635 1 Jgs-xa 1 Jgs-portal 2026-04-16 N/A
JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain the full server path via direct requests to (1) jgs_portal_ref.php, (2) jgs_portal_land.php, (3) jgs_portal_log.php, (4) jgs_portal_global_sponsor.php, (5) jgs_portal_global.php, (6) jgs_portal_system.php, (7) jgs_portal_views.php; or multiple files in the jgs_portal_include directory, including (8) jgs_portal_boardmenue.php, (9) jgs_portal_forenliste.php, (10) jgs_portal_geburtstag.php, (11) jgs_portal_guckloch.php, (12) jgs_portal_kalender.php, (13) jgs_portal_letztethemen.php, (14) jgs_portal_links.php, (15) jgs_portal_neustemember.php, (16) jgs_portal_newsboard.php, (17) jgs_portal_online.php, (18) jgs_portal_pn.php, (19) jgs_portal_portalmenue.php, (20) jgs_portal_styles.php, (21) jgs_portal_suchen.php, (22) jgs_portal_team.php, (23) jgs_portal_topforen.php, (24) jgs_portal_topposter.php, (25) jgs_portal_umfrage.php, (26) jgs_portal_useravatar.php, (27) jgs_portal_waronline.php, (28) jgs_portal_woonline.php, or (29) jgs_portal_zufallsavatar.php.
CVE-2005-3064 1 Multitheftauto 1 Multitheftauto 2026-04-16 N/A
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).
CVE-2005-3654 1 Bluecoat 1 Webproxy 2026-04-16 N/A
Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap.