Export limit exceeded: 345229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1648 | 1 Gurgens | 1 Gurgens Ultimate Forum | 2026-04-16 | N/A |
| Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | ||||
| CVE-2005-1650 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | ||||
| CVE-2005-1651 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter. | ||||
| CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | ||||
| CVE-2005-1653 | 1 Woppoware | 1 Postmaster | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2005-1663 | 1 Jeuce | 1 Jeuce Personal Web Server | 2026-04-16 | N/A |
| Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://". | ||||
| CVE-2005-1655 | 1 Aol | 1 Instant Messenger | 2026-04-16 | N/A |
| AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. | ||||
| CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2026-04-16 | N/A |
| Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). | ||||
| CVE-2005-1657 | 1 Mercur | 1 Mercur Messaging | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml. | ||||
| CVE-2005-1658 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot). | ||||
| CVE-2005-1659 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. | ||||
| CVE-2005-1660 | 1 Htmljunction | 1 Ezguestbook | 2026-04-16 | N/A |
| HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password. | ||||
| CVE-2005-1661 | 1 Jeuce | 1 Jeuce Personal Web Server | 2026-04-16 | N/A |
| Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow. | ||||
| CVE-2005-1662 | 1 Jeuce | 1 Jeuce Personal Web Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2005-1665 | 1 Microsoft | 1 Asp.net | 2026-04-16 | N/A |
| The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup. | ||||
| CVE-2005-1667 | 1 Datatrac | 1 Activity Console | 2026-04-16 | N/A |
| DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. | ||||
| CVE-2005-1668 | 1 Yusasp | 1 Web Asset Manager | 2026-04-16 | N/A |
| YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp. | ||||
| CVE-2005-1669 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains. | ||||
| CVE-2005-1670 | 1 Extremenetworks | 3 Blackdiamond 10808, Blackdiamond 8800, Extremeware Xos | 2026-04-16 | N/A |
| Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches running ExtremeWare XOS 11.1 before 11.1.3.3, 11.0 before 11.0.2.4, and 10.x allows remote authenticated users to execute arbitrary commands. | ||||
| CVE-2005-1671 | 1 Yahoo | 1 Messenger | 2026-04-16 | N/A |
| The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | ||||