Export limit exceeded: 359892 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3753 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker. | ||||
| CVE-2005-3754 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message. | ||||
| CVE-2005-3755 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-16 | N/A |
| Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. | ||||
| CVE-2005-3756 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-16 | N/A |
| Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error messages to determine open and closed ports. | ||||
| CVE-2005-3757 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-16 | N/A |
| The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property, (2) sys:getProperty, and (3) run:exec. | ||||
| CVE-2005-3758 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via a proxystylesheet variable that contains a malicious XSLT style sheet. | ||||
| CVE-2005-3759 | 1 Horde | 1 Horde | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) gzip/tar and (2) css MIME viewers, which do not filter or escape dangerous HTML when extracting and displaying attachments. | ||||
| CVE-2005-3761 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. | ||||
| CVE-2005-3762 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. | ||||
| CVE-2005-3763 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability. | ||||
| CVE-2005-3764 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML. | ||||
| CVE-2005-3765 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-3766 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files. | ||||
| CVE-2005-3767 | 1 Exponent | 1 Exponent | 2026-04-16 | N/A |
| Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files. | ||||
| CVE-2005-3776 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system. | ||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | ||||
| CVE-2005-3522 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. | ||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2026-04-16 | N/A |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. | ||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2026-04-16 | N/A |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | ||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2026-04-16 | N/A |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | ||||