Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1373 1 Dream4 1 Koobi Cms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.
CVE-2005-1374 1 Claroline 1 Claroline 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
CVE-2005-2947 1 Killprocess 1 Killprocess 2026-04-16 N/A
Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource.
CVE-2005-1381 1 Oracle 1 Application Server Web Cache 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVE-2005-2948 1 Killprocess 1 Killprocess 2026-04-16 N/A
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
CVE-2005-1386 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message.
CVE-2005-2949 1 Mark D. Roth 1 Pam Per User 2026-04-16 N/A
pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login.
CVE-2005-1391 1 Apsis 1 Pound 2026-04-16 N/A
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
CVE-2005-2950 1 Sawmill 1 Sawmill 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request.
CVE-2005-1402 1 Mtp-target 1 Mtp-target 2026-04-16 N/A
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.
CVE-2005-1407 1 Skype Technologies 1 Skype 2026-04-16 N/A
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
CVE-2005-2951 1 Azerbaijan Development Group 1 Azdgdating 2026-04-16 N/A
Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement.
CVE-2005-1409 2 Postgresql, Redhat 2 Postgresql, Enterprise Linux 2026-04-16 N/A
PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."
CVE-2005-2952 1 Subscribe Me Pro 1 Subscribe Me Pro 2026-04-16 N/A
Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter.
CVE-2005-1416 1 Soft3304 1 04webserver 2026-04-16 N/A
Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.
CVE-2005-2953 1 Miva 1 Miva Merchant 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter.
CVE-2005-2954 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field.
CVE-2005-1451 1 S9y 1 Serendipity 2026-04-16 N/A
The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.
CVE-2005-1453 1 Leafnode 1 Leafnode 2026-04-16 N/A
fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.
CVE-2005-1454 2 Freeradius, Redhat 2 Freeradius, Enterprise Linux 2026-04-16 N/A
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration entries.