Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-3299 1 Metalheadws 1 Usenet 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Usenet Script 0.5 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
CVE-2005-2526 2 Apple, Easy Software Products 2 Mac Os X, Cups 2026-04-16 N/A
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
CVE-2005-2529 1 Sun 1 Java 2026-04-16 N/A
Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."
CVE-2005-2530 1 Sun 1 Java 2026-04-16 N/A
Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."
CVE-2005-2531 1 Openvpn 1 Openvpn 2026-04-16 N/A
OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.
CVE-2005-2532 1 Openvpn 1 Openvpn 2026-04-16 N/A
OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.
CVE-2005-2533 1 Openvpn 1 Openvpn 2026-04-16 N/A
OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.
CVE-2005-3303 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
CVE-2005-2562 1 Gravity Board X Development Team 1 Gravity Board X 2026-04-16 N/A
SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field.
CVE-2005-2563 1 Gravity Board X Development Team 1 Gravity Board X 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template.
CVE-2005-3310 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
CVE-2005-3733 1 Juniper 8 Junos E, Junos J, Junos M and 5 more 2026-04-16 N/A
The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.
CVE-2005-2564 1 Gravity Board X Development Team 1 Gravity Board X 2026-04-16 N/A
Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file.
CVE-2005-2565 1 Gravity Board X Development Team 1 Gravity Board X 2026-04-16 N/A
Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message.
CVE-2005-2566 1 Openbb 1 Openbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php.
CVE-2005-3311 1 Bmc 1 Software Control-m Agent 2026-04-16 N/A
BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2005-2567 1 Syscp Team 1 Syscp 2026-04-16 N/A
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
CVE-2005-3312 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
CVE-2005-3734 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
CVE-2005-2568 1 Syscp Team 1 Syscp 2026-04-16 N/A
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.