Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4679 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | ||||
| CVE-2005-4680 | 1 Sophos | 1 Sophos Anti-virus | 2026-04-16 | N/A |
| Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | ||||
| CVE-2006-4871 | 1 Keyvan1 | 1 Eshoppingpro | 2026-04-16 | N/A |
| SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan Janghorbani) EShoppingPro 1.0 allows remote attackers to execute arbitrary SQL commands via the order parameter. | ||||
| CVE-2005-4682 | 1 Audienceview | 1 Audienceview | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4684 | 1 Kde | 1 Konqueror | 2026-04-16 | N/A |
| Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | ||||
| CVE-2005-4685 | 1 Mozilla | 2 Firefox, Mozilla | 2026-04-16 | N/A |
| Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | ||||
| CVE-2005-4686 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information. | ||||
| CVE-2006-4872 | 1 Keyvan1 | 1 Ecardpro | 2026-04-16 | N/A |
| SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan Janghorbani) ECardPro 2.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | ||||
| CVE-2005-4702 | 1 Ipbproarcade | 1 Ipbproarcade | 2026-04-16 | N/A |
| SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430. | ||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | ||||
| CVE-2005-4704 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. | ||||
| CVE-2006-4875 | 1 Jupiter Cms | 1 Jupiter Cms | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in modules/galleryuploadfunction.php in Jupiter CMS allows remote attackers to upload picture files, and possibly files with arbitrary extensions, to gallery/albums/public. | ||||
| CVE-2005-4706 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function. | ||||
| CVE-2005-4707 | 1 Php Gen | 1 Php Gen | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4709 | 1 Jboss | 1 Enterprise Java Beans | 2026-04-16 | N/A |
| The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. | ||||
| CVE-2005-4713 | 1 Pam Mysql | 1 Pam Mysql | 2026-04-16 | N/A |
| Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call. | ||||
| CVE-2005-4714 | 1 Openvmps | 1 Openvmps | 2026-04-16 | N/A |
| Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | ||||
| CVE-2005-4716 | 1 Hitachi | 2 Tpi Net Library, Tpi Server Base | 2026-04-16 | N/A |
| Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes. | ||||
| CVE-2005-4727 | 1 Martin Bauer | 1 Gbook | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field. | ||||