Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2006 1 Jboss 1 Jboss 2026-04-16 N/A
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
CVE-2005-3153 1 Mywebland 1 Mybloggie 2026-04-16 N/A
login.php in myBloggie 2.1.3 beta and earlier allows remote attackers to bypass a whitelist regular expression and conduct SQL injection attacks via a username parameter with SQL after a null character, which causes the whitelist check to succeed but injects the SQL into a query string, a different vulnerability than CVE-2005-2838. NOTE: it is possible that this is actually a bug in PHP code, in which case this should not be treated as a myBloggie vulnerability.
CVE-2005-2017 1 Symantec 1 Norton Antivirus 2026-04-16 N/A
Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540.
CVE-2005-2027 1 Enterasys 1 Vertical Horizon-2402s 2026-04-16 N/A
Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.
CVE-2005-2031 1 Socialmpn 1 Socialmpn 2026-04-16 N/A
Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php.
CVE-2005-3155 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-16 N/A
Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code.
CVE-2005-3156 1 Easyguppy 1 Easyguppy 2026-04-16 N/A
Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy for Windows) 4.5.4 and 4.5.5 allows remote attackers to read arbitrary files via ".." sequences in the pg parameter, which is cleansed for XSS but not directory traversal.
CVE-2005-3157 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
CVE-2005-2044 1 Adaptive Technology Resource Centre 1 Atutor 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php.
CVE-2005-2107 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter.
CVE-2005-3166 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL.
CVE-2005-2108 1 Wordpress 1 Wordpress 2026-04-16 N/A
SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
CVE-2005-2109 1 Wordpress 1 Wordpress 2026-04-16 N/A
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
CVE-2005-3167 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2005-2110 1 Wordpress 1 Wordpress 2026-04-16 N/A
WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
CVE-2005-3168 1 Microsoft 1 Windows 2000 2026-04-16 N/A
The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
CVE-2005-2111 1 Community Link Pro Web Editor 1 Community Link Pro Web Editor 2026-04-16 N/A
login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
CVE-2005-2112 1 Xoops 1 Xoops 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php.
CVE-2005-2139 1 Pavsta 1 Pavsta Auto Site 2026-04-16 N/A
PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter.
CVE-2005-2140 1 Fsboard 1 Fsboard 2026-04-16 N/A
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.