Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4203 | 1 Logisphere | 1 Logisphere | 2026-04-16 | N/A |
| LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this description accurately reflects the discloser's claim and is distinct from the XSS issue. | ||||
| CVE-2005-4204 | 1 Logisphere | 1 Logisphere | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS. | ||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-4206 | 1 Blackboard | 1 Academic Suite | 2026-04-16 | 6.1 Medium |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page. | ||||
| CVE-2005-4210 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a long title. | ||||
| CVE-2005-4211 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the $_CCFG[_PKG_PATH_DBSE] variable. | ||||
| CVE-2005-4212 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable. | ||||
| CVE-2005-4213 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie. | ||||
| CVE-2005-4214 | 1 Coinsoft Technologies | 1 Phpcoin | 2026-04-16 | N/A |
| phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not defined. | ||||
| CVE-2005-4215 | 1 Motorola | 1 Motorola Cable Modem | 2026-04-16 | N/A |
| Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). | ||||
| CVE-2005-4216 | 1 Macromedia | 1 Flash Media Server | 2026-04-16 | N/A |
| The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111. | ||||
| CVE-2005-4218 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbitrary SQL commands via the msg parameter, a different vulnerability than CVE-2005-3585. | ||||
| CVE-2005-4219 | 1 Innovative Cms | 1 Innovative Cms | 2026-04-16 | N/A |
| setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability. | ||||
| CVE-2005-4220 | 1 Netgear | 1 Rp114 | 2026-04-16 | N/A |
| Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap. | ||||
| CVE-2005-4221 | 1 Arab Portal | 1 Arab Portal | 2026-04-16 | N/A |
| SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string). | ||||
| CVE-2005-4222 | 1 Lars Ellingsen | 1 Guestserver | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields. | ||||
| CVE-2005-4223 | 1 Utopia Software | 1 Utopia News Pro | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote attackers to execute arbitrary SQL commands via (1) the newsid parameter in editnews.php, (2) the catid and question parameters in faq.php, (3) the poster parameter in postnews.php, (4) the tempid parameter in templates.php, and (5) the userid and groupid parameters in users.php. | ||||
| CVE-2005-4224 | 1 E107 | 1 E107 | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execute arbitrary SQL commands via (1) the email, hideemail, image, realname, signature, timezone, and xupexist parameters in signup.php, (2) the content_comment, content_rating, and content_summary parameters in subcontent.php, (3) the download_category and file_demo in upload.php, and (4) the email, hideemail, user_timezone, and user_xup parameters in usersettings.php. | ||||
| CVE-2005-4226 | 1 Phpwebthings | 1 Phpwebthings | 2026-04-16 | N/A |
| Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585. | ||||
| CVE-2005-4228 | 1 Phpwebgallery | 1 Phpwebgallery | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sort_by, and (3) items_number parameters to comments.php, (4) the search parameter to category.php, and (5) image_id parameter to picture.php. NOTE: it was later reported that the comments.php/sort_by vector also affects 1.7.2 and earlier. | ||||