ReportizFlow
Filtered by vendor
Subscriptions
Total
29932 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3379 | 1 Trend Micro | 2 Officescan, Pc-cillin 2005 | 2026-04-16 | N/A |
| Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2005-3382 | 1 Sophos | 1 Sophos Anti-virus | 2026-04-16 | N/A |
| Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | ||||
| CVE-2005-3385 | 1 Techno Dreams | 1 Mailing List | 2026-04-16 | N/A |
| SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | ||||
| CVE-2005-3405 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2026-04-16 | N/A |
| ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. | ||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2005-2532 | 1 Openvpn | 1 Openvpn | 2026-04-16 | N/A |
| OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted. | ||||
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | ||||
| CVE-2005-3421 | 1 Hyper Estraier | 1 Hyper Estraier | 2026-04-16 | N/A |
| estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters. | ||||
| CVE-2005-3424 | 1 Gnu | 1 Gnump3d | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425. | ||||
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2026-04-16 | N/A |
| Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | ||||
| CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2026-04-16 | N/A |
| Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | ||||
| CVE-2005-3454 | 1 Oracle | 1 Collaboration Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files. | ||||
| CVE-2005-3456 | 1 Oracle | 1 E-business Suite | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge. | ||||
| CVE-2005-3464 | 1 Oracle | 1 Peoplesoft Enterprise | 2026-04-16 | N/A |
| Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04. | ||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | ||||
| CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2026-04-16 | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | ||||
| CVE-2005-3466 | 1 Oracle | 1 Peoplesoft Enterprise Customer Relationship Management | 2026-04-16 | N/A |
| Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01. | ||||
| CVE-2005-2624 | 1 Cpaint | 1 Cpaint | 2026-04-16 | N/A |
| Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. | ||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2026-04-16 | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | ||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2026-04-16 | N/A |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | ||||