Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2006-4592 1 8pixel.net 1 Simple Blog 2025-04-03 N/A
Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple Blog 2.3 and earlier allows remote attackers to conduct SQL injection attacks via ">" characters in the id parameter, which are not filtered by the protection mechanism.
CVE-2001-0500 1 Microsoft 3 Index Server, Indexing Service, Internet Information Server 2025-04-03 N/A
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVE-2005-3081 1 Wzdftpd 1 Wzdftpd 2025-04-03 N/A
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVE-2005-3082 1 Seo-board 1 Seo-board 2025-04-03 N/A
SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie.
CVE-2005-3086 1 Contentserv 1 Contentserv 2025-04-03 N/A
Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.
CVE-2005-3091 1 Mantis 1 Mantis 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp".
CVE-2005-3090 1 Mantis 1 Mantis 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557.
CVE-2005-3098 1 Qualcomm 1 Qpopper 2025-04-03 N/A
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
CVE-2005-3099 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
CVE-2005-3108 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.
CVE-2005-3110 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.
CVE-2005-3111 1 Debian 1 Backupninja 2025-04-03 N/A
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
CVE-2005-1383 1 Oracle 1 Application Server 2025-04-03 N/A
The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.
CVE-2005-3118 1 William Stearns 1 Mason 2025-04-03 N/A
Mason before 1.0.0 does not install the init script after the user uses Mason to configure a firewall, which causes the system to run without a firewall after a reboot.
CVE-2005-3116 1 Symantec Veritas 1 Netbackup 2025-04-03 N/A
Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet.
CVE-2005-3127 1 Lucidcms 1 Lucidcms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2005-3137 1 Gnu 1 Cfengine 2025-04-03 N/A
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
CVE-2005-3138 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set.
CVE-2005-3139 1 Mozilla 1 Bugzilla 2025-04-03 N/A
Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set.
CVE-2005-3146 2 Storebackup, Suse 2 Storebackup, Suse Linux 2025-04-03 N/A
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.