Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1238 1 Ibm 1 Iseries As 400 2026-04-16 N/A
By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.
CVE-2005-2664 1 Whisper32 1 Whisper32 2026-04-16 N/A
Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.
CVE-2005-1239 1 Raz-lee 1 Security\+\+\+ 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-2665 2 Elm Development Group, Redhat 2 Elm, Enterprise Linux 2026-04-16 N/A
Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.
CVE-2005-1240 1 Castlehill 1 Secure Net 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-1241 1 Powertech 1 Powerlock Networksecurity 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-1242 1 Bsafe 1 Global Security 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-2666 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.
CVE-2005-1243 1 Safestone Technologies 1 Axcessit 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.
CVE-2005-1244 1 Netiq 1 Pssecure 2026-04-16 N/A
Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable.
CVE-2005-1245 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-0687 5 Openbsd, Redhat, Suse and 2 more 6 Openbsd, Enterprise Linux, Network Satellite and 3 more 2026-04-16 N/A
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
CVE-2005-1246 1 Vladislav Bogdanov 1 Snmppd 2026-04-16 N/A
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
CVE-2004-0813 2 Ide-cd, Redhat 2 Ide-cd, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
CVE-2004-0821 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
CVE-2004-0850 1 Joerg Schilling 1 Star Tape Archiver 2026-04-16 N/A
Star before 1.5_alpha46 does not drop the effective user ID (euid) before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program.
CVE-2004-0867 4 Kde, Microsoft, Mozilla and 1 more 5 Konqueror, Ie, Internet Explorer and 2 more 2026-04-16 N/A
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
CVE-2004-0880 3 Gentoo, Getmail, Slackware 3 Linux, Getmail, Slackware Linux 2026-04-16 N/A
getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
CVE-2004-0881 3 Gentoo, Getmail, Slackware 3 Linux, Getmail, Slackware Linux 2026-04-16 N/A
getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
CVE-2005-1256 1 Ipswitch 3 Imail, Imail Server, Ipswitch Collaboration Suite 2026-04-16 N/A
Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allows remote authenticated users to execute arbitrary code via a STATUS command with a long mailbox name.