Export limit exceeded: 346758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1722 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-16 | N/A |
| Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions. | ||||
| CVE-2005-4331 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2026-04-16 | N/A |
| SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters. | ||||
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2026-04-16 | N/A |
| Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | ||||
| CVE-2005-1735 | 1 Electricmonk | 1 Proms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PROMS before 0.11 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2005-4332 | 1 Cisco | 1 Network Admission Control Manager And Server System Software | 2026-04-16 | N/A |
| Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp. | ||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | ||||
| CVE-2005-4474 | 1 Rarlab | 1 Winrar | 2026-04-16 | N/A |
| Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE. | ||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2026-04-16 | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | ||||
| CVE-2005-4475 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2005-4336 | 1 Courseforum | 1 Projectforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group. | ||||
| CVE-2005-1759 | 1 Shtool | 1 Shtool | 2026-04-16 | N/A |
| Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. | ||||
| CVE-2005-4341 | 1 Blackboard | 1 Academic Suite | 2026-04-16 | N/A |
| Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure. | ||||
| CVE-2005-4476 | 1 Openedit Inc | 1 Openedit | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters. | ||||
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | ||||
| CVE-2005-4344 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration. | ||||
| CVE-2005-1778 | 1 Postnuke Software Foundation | 1 Postnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to inject arbitrary web script or HTML via the start parameter. | ||||
| CVE-2005-4345 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges. | ||||
| CVE-2005-4477 | 1 Papaya | 1 Papaya Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. | ||||
| CVE-2005-1784 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers to steal passwords and gain privileges via a modified emailaddress parameter in an updateprofile action for UserProfile.asp. | ||||
| CVE-2005-1788 | 1 Hosting Controller | 1 Hosting Controller | 2026-04-16 | N/A |
| SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter. | ||||