Export limit exceeded: 350826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350826 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4414 | 1 Open Lab | 1 Teamwork | 2026-04-16 | N/A |
| Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." | ||||
| CVE-2005-4415 | 1 Tml | 1 Tml | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | ||||
| CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2026-04-16 | N/A |
| The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | ||||
| CVE-2005-4426 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. | ||||
| CVE-2005-4435 | 1 Abledesign | 1 D-man | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4436 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2026-04-16 | N/A |
| Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). | ||||
| CVE-2005-4438 | 1 Dec2rar.dll | 1 Dec2rar.dll | 2026-04-16 | N/A |
| Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | ||||
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2026-04-16 | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | ||||
| CVE-2005-4445 | 1 David Harris | 1 Pegasus Mail | 2026-04-16 | N/A |
| Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | ||||
| CVE-2005-4448 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and the hashed password rather than the plaintext password, which allows attackers to gain privileges by obtaining the password hash (possibly via CVE-2005-2813), then calculating the credentials and including them in the secid cookie. | ||||
| CVE-2005-4449 | 1 Flatnuke | 1 Flatnuke | 2026-04-16 | N/A |
| verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability. | ||||
| CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | ||||
| CVE-2005-4451 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors. | ||||
| CVE-2005-4452 | 1 Information Call Center | 1 Information Call Center | 2026-04-16 | N/A |
| Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | ||||
| CVE-2005-4453 | 1 Ultraapps | 1 Ultraapps Issue Manager | 2026-04-16 | N/A |
| UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field. | ||||
| CVE-2005-4454 | 1 Livejournal | 1 Livejournal | 2026-04-16 | N/A |
| Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets. | ||||
| CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2026-04-16 | N/A |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | ||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package | ||||
| CVE-2005-4482 | 1 Iatek | 1 Portalapp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter. | ||||
| CVE-2005-4490 | 1 Commercial Interactive Media | 1 Scoop | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp. | ||||