Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1025 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | N/A |
| The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | ||||
| CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | ||||
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2025-04-03 | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | ||||
| CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2025-04-03 | N/A |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | ||||
| CVE-2005-1069 | 1 Scssboard | 1 Scssboard | 2025-04-03 | N/A |
| Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." | ||||
| CVE-2005-1072 | 1 Punbb | 1 Punbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2025-04-03 | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | ||||
| CVE-2005-1089 | 1 Dc\+\+ | 1 Dc\+\+ | 2025-04-03 | N/A |
| Unknown vulnerability in DC++ before 0.674 allows attackers to append data to arbitrary files. | ||||
| CVE-2005-1090 | 1 Maxthon | 1 Maxthon | 2025-04-03 | N/A |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. | ||||
| CVE-2005-1091 | 1 Maxthon | 1 Maxthon | 2025-04-03 | N/A |
| Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page. | ||||
| CVE-2005-1092 | 1 Light Speed Technology | 1 Deluxeftp | 2025-04-03 | N/A |
| Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | ||||
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2025-04-03 | N/A |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | ||||
| CVE-2005-1129 | 1 Egroupware | 1 Egroupware | 2025-04-03 | N/A |
| eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | ||||
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. | ||||
| CVE-2005-1131 | 1 Symantec Veritas | 1 I3 Focalpoint Server | 2025-04-03 | N/A |
| Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact. | ||||
| CVE-2005-1132 | 1 Lg Electronics | 1 Lg Mobile Phone | 2025-04-03 | N/A |
| LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | ||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2025-04-03 | N/A |
| Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values. | ||||
| CVE-2005-1143 | 1 Easyphpcalendar | 1 Easyphpcalendar | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPHPCalendar before 6.2.8 allows remote attackers to inject arbitrary web script or HTML via the yr parameter. | ||||
| CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. | ||||
| CVE-2005-1160 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | ||||