Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2716 1 Nokia 1 Affix 2025-04-03 N/A
The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name.
CVE-2005-2720 1 Hauri 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more 2025-04-03 N/A
Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename.
CVE-2005-2722 1 Foojan 1 Php Weblog 2025-04-03 N/A
Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message.
CVE-2005-2727 1 Ari Pikivirta 1 Home Ftp Server 2025-04-03 N/A
Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst.
CVE-2005-2731 1 Astaro 1 Security Linux 2025-04-03 N/A
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl.
CVE-2006-0546 1 Egeinternet 1 Egeinternet 2025-04-03 N/A
Unspecified vulnerability in index.php in a certain application available from /v1/tr/portfoy.php on www.egeinternet.com allows remote attackers to execute arbitrary code via "evilcode" in the key parameter, possibly a PHP remote file include vulnerability in which the attack vector is a URL in the key parameter. NOTE: it is not clear whether this vulnerability is associated with an online service or application service provider. If so, then it should not be included in CVE.
CVE-2005-2732 1 Awstats 1 Awstats 2025-04-03 N/A
AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message.
CVE-2006-0547 1 Oracle 1 Database Server 2025-04-03 N/A
Oracle Database 8i, 9i, and 10g allow remote authenticated users to execute arbitrary SQL statements in the context of the SYS user and bypass audit logging, including statements to create new privileged database accounts, via a modified AUTH_ALTER_SESSION attribute in the authentication phase of the Transparent Network Substrate (TNS) protocol. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that this issue has been addressed by Oracle. It is possible that this is the same issue as Oracle Vuln# DB18 from the January 2006 CPU, in which case this would be subsumed by CVE-2006-0265.
CVE-2005-2735 1 Phpgraphy 1 Phpgraphy 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
CVE-2005-2736 1 Yapig 1 Yapig 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
CVE-2005-2739 1 Apple 2 Mac Os X, Mac Os X Server 2025-04-03 N/A
Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.
CVE-2005-2788 1 Neocrome 1 Land Down Under 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php.
CVE-2005-2789 1 Bfcommand And Control Software 2 Bfcc, Bfvcc 2025-04-03 N/A
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.
CVE-2005-2790 1 Bfcommand And Control Software 2 Bfcc, Bfvcc 2025-04-03 N/A
BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.
CVE-2005-2797 1 Openbsd 1 Openssh 2025-04-03 N/A
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
CVE-2005-2805 1 E107 1 E107 2025-04-03 N/A
forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
CVE-2006-1242 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before 2.6.16 increments the IP ID field when sending a RST after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended protections against such attacks.
CVE-2006-1480 1 Duda 1 Webalbum 2025-04-03 N/A
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. (dot dot) sequence and a trailing null (%00) byte in the skin2 COOKIE parameter.
CVE-2005-2807 1 Frox 1 Frox 2025-04-03 N/A
frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.
CVE-2006-0552 1 Oracle 12 10g Enterprise Manager Grid Control, Application Server, Collaboration Suite and 9 more 2025-04-03 N/A
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.