Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1960 | 1 C.j. Steele | 1 Tattle | 2025-04-03 | N/A |
| The getemails function in C.J. Steele Tattle allows remote attackers to execute arbitrary commands via shell metacharacters in certain log entries, as demonstrated using shell metacharacters in an FTP username. | ||||
| CVE-2005-1970 | 1 Symantec | 1 Pcanywhere | 2025-04-03 | N/A |
| Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature. | ||||
| CVE-2005-1973 | 1 Sun | 1 J2se | 2025-04-03 | N/A |
| Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges. | ||||
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2025-04-03 | N/A |
| The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | ||||
| CVE-2005-1992 | 2 Redhat, Yukihiro Matsumoto | 2 Enterprise Linux, Ruby | 2025-04-03 | N/A |
| The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | ||||
| CVE-2005-1993 | 2 Redhat, Todd Miller | 2 Enterprise Linux, Sudo | 2025-04-03 | N/A |
| Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. | ||||
| CVE-2005-2539 | 1 Flatnuke | 1 Flatnuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | ||||
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2025-04-03 | N/A |
| Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | ||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2025-04-03 | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | ||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2025-04-03 | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | ||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2025-04-03 | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | ||||
| CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2025-04-03 | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | ||||
| CVE-2005-2032 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. | ||||
| CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | ||||
| CVE-2005-2042 | 1 Ajax-spell | 1 Ajax-spell | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags. | ||||
| CVE-2002-1137 | 1 Microsoft | 2 Data Engine, Sql Server | 2025-04-03 | N/A |
| Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644. | ||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2025-04-03 | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | ||||
| CVE-2005-2521 | 1 Apple | 1 Mac Os X | 2025-04-03 | N/A |
| Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors. | ||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | ||||
| CVE-2005-1299 | 1 Inserter.cgi | 1 Inserter.cgi | 2025-04-03 | N/A |
| The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | ||||