Export limit exceeded: 344947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344947 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1582 | 1 1two | 1 1two News | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables. | ||||
| CVE-2005-1583 | 1 1two | 1 1two News | 2026-04-16 | N/A |
| 1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. | ||||
| CVE-2005-1585 | 1 Open Solution | 1 Quick.forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | ||||
| CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2026-04-16 | N/A |
| Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | ||||
| CVE-2005-1587 | 1 Open Solution | 1 Quick.cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | ||||
| CVE-2005-1588 | 1 Open Solution | 1 Quick.cart | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection | ||||
| CVE-2005-1589 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264. | ||||
| CVE-2005-1590 | 1 Altiris | 2 Client Service, Deployment Solution | 2026-04-16 | N/A |
| The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. | ||||
| CVE-2005-1591 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors. | ||||
| CVE-2005-1592 | 1 Birdblog | 1 Birdblog | 2026-04-16 | N/A |
| Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript. | ||||
| CVE-2005-1593 | 1 Codethat | 1 Shoppingcart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2005-1594 | 1 Codethat | 1 Shoppingcart | 2026-04-16 | N/A |
| SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2026-04-16 | N/A |
| CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | ||||
| CVE-2005-1597 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. | ||||
| CVE-2005-1598 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2026-04-16 | N/A |
| SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. | ||||
| CVE-2005-1599 | 1 Kryloff Technologies | 1 Subject Search Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field. | ||||
| CVE-2005-1600 | 1 Libtomcrypt | 1 Libtomcrypt | 2026-04-16 | N/A |
| A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key. | ||||
| CVE-2005-1601 | 1 Mro Software | 1 Maximo Self Service | 2026-04-16 | N/A |
| MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties. | ||||
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2026-04-16 | N/A |
| SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | ||||
| CVE-2005-1603 | 1 Niteenterprises | 1 Remote File Manager | 2026-04-16 | N/A |
| NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080. | ||||