Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2575 1 Xmb Forum 1 Xmb 2025-04-03 N/A
SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows remote attackers to execute arbitrary SQL commands via certain values that are inserted into the $in variable.
CVE-2005-2583 1 Mentor 1 Adslfr4ii 2025-04-03 N/A
Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access.
CVE-2005-2584 1 Mentor 1 Adslfr4ii 2025-04-03 N/A
The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access.
CVE-2005-2585 1 Mentor 1 Adslfr4ii 2025-04-03 N/A
Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan.
CVE-2005-2587 1 Phptb 1 Topic Boards 2025-04-03 N/A
SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter.
CVE-2005-2591 1 Parlano 1 Mindalign 2025-04-03 N/A
Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability.
CVE-2005-2592 1 Parlano 1 Mindalign 2025-04-03 N/A
Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors.
CVE-2005-2593 1 Parlano 1 Mindalign 2025-04-03 N/A
Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors.
CVE-2005-2595 1 Dada Mail 1 Dada Mail 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 Alpha 1 allows remote attackers to execute arbitrary Javascript via archived messages.
CVE-2002-1973 2 Microsoft, Working Resources Inc. 2 Foundation Class Library, Badblue 2025-04-03 N/A
Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (Isapi.cpp) when built using Microsoft Foundation Class (MFC) static libraries in Visual C++ 5.0, and 6.0 before SP3, as used in multiple products including BadBlue, allows remote attackers to cause a denial of service (access violation and crash) and possibly execute arbitrary code via a long query string that causes a parsing error.
CVE-2005-2604 1 My Image Gallery 1 My Image Gallery 2025-04-03 N/A
index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message.
CVE-2005-2605 1 Omnipilot Software 1 Lasso Professional Server 2025-04-03 N/A
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.
CVE-2005-2606 1 Phlymail 1 Phlymail 2025-04-03 N/A
Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors.
CVE-2005-2607 1 Phpsimplicity 1 Simplicity Of Upload 2025-04-03 N/A
PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters.
CVE-2005-2615 1 Eqdkp 1 Eqdkp 2025-04-03 N/A
Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id.
CVE-2005-2617 1 Linux 1 Linux Kernel 2025-04-03 N/A
The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory leak via a 32-bit application with crafted ELF headers.
CVE-2005-2616 1 Ezupload 1 Ezupload 2025-04-03 N/A
Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php.
CVE-2005-2624 1 Cpaint 1 Cpaint 2025-04-03 N/A
Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement.
CVE-2005-2625 1 Cpaint 1 Cpaint 2025-04-03 N/A
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist.
CVE-2005-2626 1 Kismet 1 Kismet 2025-04-03 N/A
Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID.