Export limit exceeded: 349534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349534 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29914 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29914 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | ||||
| CVE-2005-4445 | 1 David Harris | 1 Pegasus Mail | 2026-04-16 | N/A |
| Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | ||||
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2026-04-16 | N/A |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | ||||
| CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2026-04-16 | N/A |
| login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | ||||
| CVE-2005-2467 | 1 Mysql | 1 Eventum | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | ||||
| CVE-2005-2468 | 1 Mysql | 1 Eventum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | ||||
| CVE-2005-2469 | 1 Novell | 1 Netmail | 2026-04-16 | N/A |
| Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. | ||||
| CVE-2005-2470 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-16 | N/A |
| Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | ||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | ||||
| CVE-2005-4508 | 1 Nexus Concepts | 1 Dev Hound | 2026-04-16 | N/A |
| Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file. | ||||
| CVE-2005-2475 | 2 Info-zip, Redhat | 2 Unzip, Enterprise Linux | 2026-04-16 | N/A |
| Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | ||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | ||||
| CVE-2005-2477 | 1 Naxtor | 1 Shopping Cart | 2026-04-16 | N/A |
| shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability. | ||||
| CVE-2005-4509 | 1 Parallel Tools Consortium | 1 Ptools | 2026-04-16 | N/A |
| SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL commands via the docID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | ||||
| CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2026-04-16 | N/A |
| ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | ||||
| CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2026-04-16 | N/A |
| Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script. | ||||
| CVE-2005-2484 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2026-04-16 | N/A |
| Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code. | ||||
| CVE-2005-2485 | 1 Logicampus | 1 Logicampus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2005-2486 | 1 Portailphp | 1 Portailphp | 2026-04-16 | N/A |
| SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701. | ||||