Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2785 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | N/A |
| cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information. | ||||
| CVE-2005-2776 | 1 Looking Glass | 1 Looking Glass | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php. | ||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2025-04-03 | N/A |
| Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field. | ||||
| CVE-2005-2778 | 1 Mybulletinboard | 1 Mybulletinboard | 2025-04-03 | N/A |
| SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. | ||||
| CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2025-04-03 | N/A |
| The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. | ||||
| CVE-2005-2780 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature. | ||||
| CVE-2005-2781 | 1 Ilia Alshanetsky | 1 Fudforum | 2025-04-03 | N/A |
| The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code. | ||||
| CVE-2005-2782 | 1 Autolinks | 1 Autolinks | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. | ||||
| CVE-2005-2783 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. | ||||
| CVE-2005-2784 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | N/A |
| SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors. | ||||
| CVE-2005-2786 | 1 Cosmoshop | 1 Cosmoshop | 2025-04-03 | N/A |
| Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | ||||
| CVE-2005-2787 | 1 Alexander Palmo | 1 Simple Php Blog | 2025-04-03 | N/A |
| comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | ||||
| CVE-2005-2788 | 1 Neocrome | 1 Land Down Under | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | ||||
| CVE-2005-2789 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. | ||||
| CVE-2005-2790 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | ||||
| CVE-2005-2791 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2025-04-03 | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command. | ||||
| CVE-2005-2812 | 1 Man2web | 1 Man2web | 2025-04-03 | N/A |
| man2web allows remote attackers to execute arbitrary commands via -P arguments. | ||||
| CVE-2005-2794 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | ||||
| CVE-2005-2796 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | ||||
| CVE-2005-2797 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality. | ||||