Export limit exceeded: 345221 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345221 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2026-04-16 | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | ||||
| CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | ||||
| CVE-2005-3018 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | ||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | ||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | ||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | ||||
| CVE-2005-3326 | 1 Mybulletinboard | 1 Mybulletinboard | 2026-04-16 | N/A |
| SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. | ||||
| CVE-2005-3022 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php. | ||||
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php. | ||||
| CVE-2005-3205 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to inject arbitrary web script or HTML via script in the "set markup HTML TABLE" command, which is executed when the user selects a table. | ||||
| CVE-2005-3206 | 1 Oracle | 1 Database Server | 2026-04-16 | N/A |
| iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | ||||
| CVE-2005-3327 | 1 Network Appliance | 1 Data Ontap | 2026-04-16 | N/A |
| Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity. | ||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2026-04-16 | N/A |
| The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | ||||
| CVE-2005-3329 | 1 Rsa | 1 Authentication Agent For Web | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. | ||||
| CVE-2005-2646 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2026-04-16 | N/A |
| Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests. | ||||
| CVE-2005-2647 | 1 Xerox | 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. | ||||
| CVE-2005-2648 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. | ||||
| CVE-2005-3208 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages. | ||||
| CVE-2005-3330 | 1 Snoopy | 1 Snoopy | 2026-04-16 | N/A |
| The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | ||||
| CVE-2005-3331 | 1 Rogers Software Source | 1 Mgdiff Patch Viewer | 2026-04-16 | N/A |
| viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | ||||