9015 matches found
Horde Groupware Unauthenticated Admin Access
Horde Groupware contains an administrative account with a blank password, which allows remote attackers to gain access. id: CVE-2005-3344 info: name: Horde Groupware Unauthenticated Admin Access author: pikpikcu severity: critical description: Horde Groupware contains an administrative account wi...
HP Color LaserJet Exposure of Sensitive Information to an Unauthorized Actor (CVE-2005-2988)
HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. This plugin only works with Tenable.ot. Please visit...
CVE-2005-1849
creationtimestamp| type| source ---|---|--- 2026-03-09 17:15:08+00:00| seen| https://gist.github.com/verdurin/ec4ecbbbe37c7ae1f4a79c34dbdb6793...
CVE-2005-1784
Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp...
CVE-2005-1713
Multiple cross-site scripting XSS vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the 1 templatedropdown and 2 shoutbox plugins...
CVE-2005-1632
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/...
CVE-2005-1281
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service infinite loop via a crafted RSVP packet of length 4...
CVE-2005-1434
Multiple unknown vulnerabilities in OpenView Network Node Manager OV NNM 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code...
CVE-2005-1641
modchannel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service...
CVE-2005-1065
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory...
CVE-2005-1669
Cross-site scripting XSS vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other...
CVE-2005-1652
message.htm for Woppoware PostMaster 4.2.2 build 3.2.5 allows remote attackers to bypass authentication by modifying the email parameter...
CVE-2005-1674
Cross-Site Request Forgery CSRF vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php...
CVE-2005-1638
The writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting XSS vulnerabilities in applications that rely on SafeHTML for protection...
CVE-2005-1917
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file...
CVE-2005-1575
The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160...
CVE-2005-1656
Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space "%20"...
CVE-2005-1971
Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter...
CVE-2005-1908
Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / slash or leading \ backslash in the URL...
CVE-2005-1647
Gurgens GASoft Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords...