Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2001-1127 1 Progress 1 Progress 2025-04-03 N/A
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
CVE-2005-4569 1 Floosietek 1 Ftgate 2025-04-03 N/A
Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value.
CVE-2005-4430 1 Logicnow 1 Logicbill 2025-04-03 N/A
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.
CVE-2005-3797 1 Alstrasoft 1 Template Seller 2025-04-03 N/A
PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.
CVE-2005-3795 1 Alstrasoft 1 Affiliate Network Pro 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php.
CVE-2005-4582 1 Scott Draves 1 Electric Sheep 2025-04-03 N/A
Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file. NOTE: the same attack vectors apply to common web browsers that are able to communicate with untrusted web servers, and other problems related to DNS design issues. Therefore this may not be a specific vulnerability. However, a client would reasonably expect to receive content only from the server.
CVE-2005-4584 1 Bzflag 1 Bzflag Server 2025-04-03 N/A
BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character.
CVE-2005-4594 1 Tugzip 1 Tugzip 2025-04-03 N/A
Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
CVE-2005-4595 1 Gentoo 2 Nview, Xnview 2025-04-03 N/A
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
CVE-2005-4599 1 Moxiecode 1 Tinymce Compressor Php 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.
CVE-2005-4602 1 Mybulletinboard 1 Mybulletinboard 2025-04-03 N/A
SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.
CVE-2005-4610 1 Dopewars 1 Dopewars 2025-04-03 N/A
Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors.
CVE-2005-4621 1 Jelsoft 1 Vbulletin 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.
CVE-2005-4622 1 Efilego 1 Efilego 2025-04-03 N/A
Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe.
CVE-2005-3794 1 Alstrasoft 1 Affiliate Network Pro 2025-04-03 N/A
AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.
CVE-2005-4624 1 Ptnet 1 Ptnet Ircd 2025-04-03 N/A
The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users.
CVE-2006-2352 1 Ipswitch 1 Whatsup Professional 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in IPswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 Premium allow remote attackers to inject arbitrary web script or HTML via unknown vectors in (1) NmConsole/Tools.asp and (2) NmConsole/DeviceSelection.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4687 2 F-art Agency, Punbb 2 Blog Cms, Punbb 2025-04-03 N/A
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVE-2005-4694 1 Plain Black 1 Webgui 2025-04-03 N/A
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
CVE-2005-4700 1 Tellme 1 Tellme 2025-04-03 N/A
TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.