Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3389 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Stronghold and 1 more 2026-04-16 N/A
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.
CVE-2005-0596 1 Php 1 Php 2026-04-16 N/A
PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.
CVE-2005-3822 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
CVE-2005-3390 2 Php, Redhat 4 Php, Enterprise Linux, Rhel Stronghold and 1 more 2026-04-16 N/A
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.
CVE-2005-3823 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.
CVE-2005-3392 1 Php 1 Php 2026-04-16 N/A
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
CVE-2005-3824 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.
CVE-2005-3825 1 Comdev 1 Comdev Vote Caster 2026-04-16 N/A
SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.
CVE-2005-3393 1 Openvpn 2 Openvpn, Openvpn Access Server 2026-04-16 N/A
Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.
CVE-2005-3826 1 Ezy Helpdesk 1 Ezyhelpdesk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter.
CVE-2005-3394 1 Oaboard 1 Oaboard 2026-04-16 N/A
Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.
CVE-2005-3395 1 Invision Power Services 1 Invision Gallery 2026-04-16 N/A
SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2005-3827 1 Agileco 1 Agilebill 2026-04-16 N/A
SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-0626 2 Redhat, Squid 2 Enterprise Linux, Squid 2026-04-16 N/A
Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the Netscape Set-Cookie recommendations for handling cookies in caches, may cause Set-Cookie headers to be sent to other users, which allows attackers to steal the related cookies.
CVE-2005-3418 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.
CVE-2005-0637 1 Openbsd 1 Openbsd 2026-04-16 N/A
The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.
CVE-2005-3419 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.
CVE-2005-0638 4 Altlinux, Redhat, Suse and 1 more 4 Alt Linux, Enterprise Linux, Suse Linux and 1 more 2026-04-16 N/A
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
CVE-2005-3420 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.
CVE-2005-3856 1 Krusader 1 Krusader 2026-04-16 N/A
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.