Export limit exceeded: 345229 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345229 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2026-04-16 | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | ||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2026-04-16 | N/A |
| The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | ||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | ||||
| CVE-2005-0430 | 1 Id Software | 1 Quake 3 Engine | 2026-04-16 | N/A |
| The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | ||||
| CVE-2005-0431 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2026-04-16 | N/A |
| Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | ||||
| CVE-2005-0432 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks. | ||||
| CVE-2005-0434 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | ||||
| CVE-2005-0435 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | ||||
| CVE-2005-0436 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | ||||
| CVE-2005-0437 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. | ||||
| CVE-2005-0438 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | ||||
| CVE-2005-0439 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | ||||
| CVE-2005-0440 | 1 Stefan Ritt | 1 Elog Web Logbook | 2026-04-16 | N/A |
| ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL. | ||||
| CVE-2005-0443 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. | ||||
| CVE-2005-0444 | 1 Vmware | 1 Workstation | 2026-04-16 | N/A |
| VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries using a path that includes the rrdharan world-writable temporary directory, which allows local users to execute arbitrary code. | ||||
| CVE-2005-0445 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. | ||||
| CVE-2005-0447 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets. | ||||
| CVE-2005-0448 | 2 Larry Wall, Redhat | 2 Perl, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | ||||
| CVE-2005-0449 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2026-04-16 | N/A |
| The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function. | ||||
| CVE-2005-0450 | 1 Sami | 1 Sami Http Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) "%2e%2e" (encoded dot dot) sequences. | ||||