Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-4211 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable. | ||||
| CVE-2005-4212 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. | ||||
| CVE-2005-4213 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. | ||||
| CVE-2005-4215 | 1 Motorola | 1 Motorola Cable Modem | 2026-04-16 | N/A |
| Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | ||||
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2026-04-16 | N/A |
| The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | ||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | ||||
| CVE-2005-4219 | 1 Innovative Cms | 1 Innovative Cms | 2026-04-16 | N/A |
| setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability. | ||||
| CVE-2005-4222 | 1 Lars Ellingsen | 1 Guestserver | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields. | ||||
| CVE-2005-4223 | 1 Utopia Software | 1 Utopia News Pro | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | ||||
| CVE-2005-4224 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. | ||||
| CVE-2005-4226 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585. | ||||
| CVE-2005-4229 | 1 Everyauction | 1 Everyauction | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources and independently verified using source code inspection. | ||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2026-04-16 | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | ||||
| CVE-2005-4239 | 1 Php Jackknife | 1 Php Jackknife | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. | ||||
| CVE-2005-4238 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. | ||||
| CVE-2005-4241 | 1 Vcd-db | 1 Vcd-db | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter. | ||||
| CVE-2005-4242 | 1 Horde | 1 Turba H3 | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. | ||||
| CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. | ||||
| CVE-2005-4250 | 1 Mcgallery | 1 Mcgallery Pro | 2026-04-16 | N/A |
| Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. | ||||