Search Results (26471 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2000-1191 2 Htdig Project, Redhat 2 Htdig, Enterprise Linux 2026-04-16 N/A
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path.
CVE-2005-0050 1 Microsoft 3 Windows 2000, Windows 2003 Server, Windows Nt 2026-04-16 N/A
The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."
CVE-2005-0797 1 Novell 1 Ichain 2026-04-16 N/A
Novell iChain Mini FTP Server 2.3 displays different error messages if a user exists or not, which allows remote attackers to obtain sensitive information and facilitates brute force attacks.
CVE-2005-0850 1 Filezilla-project 1 Filezilla Server 2026-04-16 N/A
FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.
CVE-2005-0904 1 Microsoft 1 Windows Xp 2026-04-16 N/A
Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
CVE-2005-1628 1 Web-app.org 1 Webapp 2026-04-16 N/A
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
CVE-2005-1650 1 Woppoware 1 Postmaster 2026-04-16 N/A
The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
CVE-2005-1682 1 Solstice 1 Solstice Internet Mail Server 2026-04-16 N/A
JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders, which allows remote authenticated users to read other users' e-mail messages by modifying the msgno parameter. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2005-1754 2 Apache Tomcat, Sun 2 Apache Tomcat, Javamail 2026-04-16 N/A
JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2001-0748 1 Acme Labs 1 Acme Server 2026-04-16 N/A
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
CVE-2005-2405 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.
CVE-2005-3164 2 Apache, Hitachi 2 Tomcat, Cosminexus Application Server 2026-04-16 N/A
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
CVE-2005-3183 2 Redhat, W3c 2 Enterprise Linux, Libwww 2026-04-16 N/A
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
CVE-2005-3330 1 Snoopy 1 Snoopy 2026-04-16 N/A
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
CVE-2005-3398 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVE-2005-4214 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined.
CVE-2005-4836 1 Apache 1 Tomcat 2026-04-16 N/A
The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information.
CVE-2005-4846 1 Spey 1 Spey 2026-04-16 N/A
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.
CVE-2005-4849 1 Apache 1 Derby 2026-04-16 N/A
Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.
CVE-2005-4875 1 Typo3 1 Typo3 2026-04-16 N/A
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.