Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4418 1 Vserver 1 Util-vserver 2026-04-16 N/A
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
CVE-2005-4419 1 Quicksquare Development 2 Honeycomb Archive, Honeycomb Archive Enterprise 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
CVE-2005-4420 1 Quicksquare Development 1 Honeycomb Archive Enterprise 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.
CVE-2005-4421 1 Dev-editor 1 Dev-editor 2026-04-16 N/A
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
CVE-2005-4422 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums.
CVE-2005-4423 1 Phpfm 1 Phpfm 2026-04-16 N/A
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
CVE-2005-4424 1 Phpkit 1 Phpkit 2026-04-16 N/A
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
CVE-2005-4442 1 Openldap 1 Openldap 2026-04-16 N/A
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVE-2005-4445 1 David Harris 1 Pegasus Mail 2026-04-16 N/A
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
CVE-2005-4446 1 Aspbite 1 Aspbite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter.
CVE-2005-4449 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.
CVE-2005-4450 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
CVE-2005-4451 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
CVE-2005-4452 1 Information Call Center 1 Information Call Center 2026-04-16 N/A
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
CVE-1999-0004 3 Hp, Sco, University Of Washington 3 Dtmail, Unixware, Pine 2026-04-16 N/A
MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook.
CVE-1999-0009 11 Bsdi, Caldera, Data General and 8 more 13 Bsd Os, Openlinux, Dg Ux and 10 more 2026-04-16 N/A
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
CVE-1999-0018 3 Ibm, Sgi, Sun 4 Aix, Irix, Solaris and 1 more 2026-04-16 N/A
Buffer overflow in statd allows root privileges.
CVE-2002-2008 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.
CVE-2005-4463 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request to (1) wp-includes/vars.php, (2) wp-content/plugins/hello.php, (3) wp-admin/upgrade-functions.php, (4) wp-admin/edit-form.php, (5) wp-settings.php, and (6) wp-admin/edit-form-comment.php, which leaks the path in an error message related to undefined functions or failed includes. NOTE: the wp-admin/menu-header.php vector is already covered by CVE-2005-2110. NOTE: the vars.php, edit-form.php, wp-settings.php, and edit-form-comment.php vectors were also reported to affect WordPress 2.0.1.
CVE-2005-4473 1 Macromedia 1 Jrun 2026-04-16 N/A
Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web application source code via "a malformed URL."