Export limit exceeded: 348218 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1224 | 1 Duware | 1 Duportal | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236. | ||||
| CVE-2005-1225 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | ||||
| CVE-2005-1226 | 1 Coppermine | 1 Coppermine Photo Gallery | 2025-04-03 | N/A |
| Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2005-1227 | 1 Phprojekt | 1 Phprojekt | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. | ||||
| CVE-2005-1228 | 2 Gnu, Redhat | 2 Gzip, Enterprise Linux | 2025-04-03 | N/A |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | ||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2025-04-03 | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | ||||
| CVE-2005-1230 | 1 Magnus Lundvall | 1 Yawcam | 2025-04-03 | N/A |
| Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request. | ||||
| CVE-2005-1231 | 1 Jaws | 1 Jaws | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. | ||||
| CVE-2005-1232 | 1 Sun | 1 Java System Web Proxy Server | 2025-04-03 | N/A |
| Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2005-1233 | 1 Php Labs | 1 Profile | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters. | ||||
| CVE-2005-1234 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php. | ||||
| CVE-2005-1235 | 1 Phpbb Group | 1 Phpbb-auction | 2025-04-03 | N/A |
| auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message. | ||||
| CVE-2005-1236 | 1 Duware | 1 Duportal | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224. | ||||
| CVE-2005-1237 | 1 China-on-site | 1 Flexphpnews | 2025-04-03 | N/A |
| SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter. | ||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2025-04-03 | N/A |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | ||||
| CVE-2005-1239 | 1 Raz-lee | 1 Security\+\+\+ | 2025-04-03 | N/A |
| Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2005-1240 | 1 Castlehill | 1 Secure Net | 2025-04-03 | N/A |
| Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2025-04-03 | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2025-04-03 | N/A |
| Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2025-04-03 | N/A |
| Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | ||||