Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1063 1 Kerio 3 Kerio Mailserver, Personal Firewall, Winroute Firewall 2025-04-03 N/A
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."
CVE-2005-1152 1 Debian 1 Qpopper 2025-04-03 N/A
popauth.c in qpopper 4.0.5 and earlier does not properly set the umask, which may cause qpopper to create files with group or world-writable permissions.
CVE-2002-0537 1 Stepweb 1 Sws 2025-04-03 N/A
The admin.html file in StepWeb Search Engine (SWS) 2.5 stores passwords in links to manager.pl, which allows remote attackers who can access the admin.html file to gain administrative privileges to SWS.
CVE-2002-1494 1 Aestiva 1 Html Os 2025-04-03 N/A
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
CVE-2002-1635 1 Oracle 1 Application Server 2025-04-03 N/A
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
CVE-2002-1654 2 Iplanet, Netscape 2 Iplanet Web Server, Enterprise Server 2025-04-03 N/A
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may make it easier to conduct brute force password guessing without detection.
CVE-2005-1159 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2025-04-03 N/A
The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.
CVE-2005-1176 1 Ibm 1 Aix 2025-04-03 N/A
Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.
CVE-2005-1186 1 Musicmatch 1 Jukebox 2025-04-03 N/A
Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.
CVE-2002-0539 1 Demarc Security 1 Puresecure 2025-04-03 N/A
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
CVE-2005-1196 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.
CVE-2005-1197 1 Oracle 1 Database Server 2025-04-03 N/A
SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.
CVE-2005-1198 1 Anaconda Partners 1 Foundation Directory 2025-04-03 N/A
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.
CVE-2005-1199 1 Infopop 1 Ultimate Bulletin Board 2025-04-03 N/A
SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.
CVE-2005-1220 1 Knusperleicht 1 Shoutbox Script 2025-04-03 N/A
Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.
CVE-2005-1222 1 Netref 1 Netref 2025-04-03 N/A
cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.
CVE-2005-4858 1 Chitta 1 Mimicboard 2 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.
CVE-2005-1286 1 Softwin 1 Bitdefender Antivirus 2025-04-03 N/A
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
CVE-2005-1289 1 E-cart 1 E-cart 2025-04-03 N/A
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
CVE-2005-1290 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.