Export limit exceeded: 29923 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2781 | 1 Ilia Alshanetsky | 1 Fudforum | 2026-04-16 | N/A |
| The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code. | ||||
| CVE-2005-2783 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. | ||||
| CVE-2005-2784 | 1 Cosmoshop | 1 Cosmoshop | 2026-04-16 | N/A |
| SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors. | ||||
| CVE-2006-0351 | 1 Don Moore | 1 Mydns | 2026-04-16 | N/A |
| Unspecified "critical denial-of-service vulnerability" in MyDNS before 1.1.0 has unknown impact and attack vectors. | ||||
| CVE-2005-3810 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which leads to a null dereference. | ||||
| CVE-2005-3851 | 1 Onlinetechtools.com | 1 Oasys Lite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter. | ||||
| CVE-2005-3926 | 1 Guppy | 1 Guppy | 2026-04-16 | N/A |
| Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script. | ||||
| CVE-2005-3935 | 1 Socketkb | 1 Socketkb | 2026-04-16 | N/A |
| SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. | ||||
| CVE-2005-4012 | 1 Php Web | 1 Statistik | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php. | ||||
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2026-04-16 | N/A |
| stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | ||||
| CVE-2005-4015 | 1 Php Web | 1 Statistik | 2026-04-16 | N/A |
| PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | ||||
| CVE-2005-4016 | 1 Widget Press | 1 Widget Property | 2026-04-16 | N/A |
| SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | ||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2026-04-16 | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | ||||
| CVE-2005-4018 | 1 Landshop | 1 Real Estate Commerce System | 2026-04-16 | N/A |
| SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. | ||||
| CVE-2005-4019 | 1 Relative Real Estate Systems | 1 Relative Real Estate Systems | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter. | ||||
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2026-04-16 | N/A |
| SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | ||||
| CVE-2005-4021 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2005-4024 | 1 Interspire | 1 Fastfind | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4025 | 1 Help Desk Reloaded | 1 Free Help Desk | 2026-04-16 | N/A |
| Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. | ||||