Export limit exceeded: 359575 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359575 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1145 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146 | ||||
| CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145 | ||||
| CVE-2005-1147 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. | ||||
| CVE-2005-1148 | 1 Calendarscript | 1 Calendarscript | 2026-04-16 | N/A |
| calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | ||||
| CVE-2005-1149 | 1 Acnews | 1 Acnews | 2026-04-16 | N/A |
| SQL injection vulnerability in admin/login.asp in aspclick.it ACNews 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | ||||
| CVE-2005-1150 | 1 Sun | 1 Java System Web Server | 2026-04-16 | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang). | ||||
| CVE-2005-1151 | 1 Debian | 1 Qpopper | 2026-04-16 | N/A |
| qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | ||||
| CVE-2005-1152 | 1 Debian | 1 Qpopper | 2026-04-16 | N/A |
| popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions. | ||||
| CVE-2005-1155 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking." | ||||
| CVE-2005-1156 | 3 Mozilla, Netscape, Redhat | 4 Firefox, Mozilla, Navigator and 1 more | 2026-04-16 | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1." | ||||
| CVE-2005-1158 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2026-04-16 | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | ||||
| CVE-2005-1168 | 1 Musicmatch | 1 Jukebox | 2026-04-16 | N/A |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. | ||||
| CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. | ||||
| CVE-2005-1162 | 1 Oneworldstore | 1 Oneworldstore | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp. | ||||
| CVE-2005-1163 | 1 Yager Development | 1 Yager Game | 2026-04-16 | N/A |
| Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data. | ||||
| CVE-2005-1164 | 1 Yager Development | 1 Yager Game | 2026-04-16 | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length. | ||||
| CVE-2005-1165 | 1 Yager Development | 1 Yager Game | 2026-04-16 | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. | ||||
| CVE-2005-1166 | 1 Dameware Development | 2 Dameware Nt Utilities, Miniremote Control | 2026-04-16 | N/A |
| The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | ||||
| CVE-2005-1167 | 1 Musicmatch | 1 Jukebox | 2026-04-16 | N/A |
| Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. | ||||
| CVE-2005-1170 | 1 Datenbank Module | 1 Datenbank Module | 2026-04-16 | N/A |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||