Export limit exceeded: 346602 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346602 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4170 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. | ||||
| CVE-2005-0474 | 1 Webcalendar | 1 Webcalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | ||||
| CVE-2005-0475 | 1 Php Arena | 1 Pafaq | 2026-04-16 | N/A |
| SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php. | ||||
| CVE-2005-0476 | 1 Hpm Guestbook.cgi | 1 Hpm Guestbook.cgi | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message. | ||||
| CVE-2005-4039 | 1 Web4future | 1 Portal Solutions | 2026-04-16 | N/A |
| Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. | ||||
| CVE-2005-0443 | 1 Devellion | 1 Cubecart | 2026-04-16 | N/A |
| index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. | ||||
| CVE-2005-4167 | 1 Efiction Project | 1 Efiction | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the let parameter in a viewlist action to titles.php. | ||||
| CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. | ||||
| CVE-2005-0447 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets. | ||||
| CVE-2005-4038 | 1 Web4future | 1 Portal Solutions | 2026-04-16 | N/A |
| SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. | ||||
| CVE-2005-4166 | 1 Duware | 1 Duportal Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter. | ||||
| CVE-2005-4064 | 1 Alan Ward | 1 A-faq | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp. | ||||
| CVE-2005-0435 | 1 Awstats | 1 Awstats | 2026-04-16 | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | ||||
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2026-04-16 | N/A |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2005-4165 | 1 Asp-dev | 1 Asp Resources Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp. | ||||
| CVE-2005-4063 | 1 Netauctionhelp | 1 Netauctionhelp | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. | ||||
| CVE-2005-4036 | 1 Web4future | 1 Keyword Frequency Counter | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." | ||||
| CVE-2005-0426 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. | ||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2026-04-16 | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | ||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2026-04-16 | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | ||||