Export limit exceeded: 363281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1109 1 Junkbuster 1 Internet Junkbuster 2026-04-16 N/A
The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.
CVE-2005-3643 1 Ibm 1 Db2 Universal Database 2026-04-16 N/A
IBM DB2 Database server running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication and log on to the guest account without supplying a password.
CVE-2005-1120 1 Ilohamail 1 Ilohamail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.
CVE-2005-1121 2 Gentoo, Igor Khasilev 2 Linux, Oops Proxy Server 2026-04-16 N/A
Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.
CVE-2005-3650 1 First4internet Xcp Drm 1 First4internet Xcp Drm 2026-04-16 N/A
The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the First4Internet XCP DRM, has "safe for scripting" enabled, which allows remote attackers to execute arbitrary code by calling vulnerable functions such as RebootMachine, IsAdministrator, and ExecuteCode.
CVE-2005-1122 1 Monkey-project 1 Monkey 2026-04-16 N/A
Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").
CVE-2005-1123 1 Monkey-project 1 Monkey 2026-04-16 N/A
Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.
CVE-2005-3652 1 Citrix 1 Ica Program Neighborhood Client 2026-04-16 N/A
Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response.
CVE-2005-1124 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.
CVE-2005-1125 1 Avaya 1 Libsafe 2026-04-16 N/A
Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.
CVE-2005-1126 1 Freebsd 1 Freebsd 2026-04-16 N/A
The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory.
CVE-2005-1127 1 Postgrey 1 Postgrey 2026-04-16 N/A
Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.
CVE-2005-1128 1 Virtual Hosting Control System 1 Virtual Hosting Control System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.
CVE-2005-1129 1 Egroupware 1 Egroupware 2026-04-16 N/A
eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.
CVE-2005-1135 1 Alexander Palmo 1 Simple Php Blog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-1141 1 Optical Character Recognition Project 1 Optical Character Recognition 2026-04-16 9.8 Critical
Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow.
CVE-2005-1144 1 Easyphpcalendar 1 Easyphpcalendar 2026-04-16 N/A
popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message.
CVE-2005-1153 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.
CVE-2005-1154 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."
CVE-2005-1157 3 Mozilla, Netscape, Redhat 4 Firefox, Mozilla, Navigator and 1 more 2026-04-16 N/A
Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."