Export limit exceeded: 345817 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345817 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4458 | 1 Metadot | 1 Metadot Portal Server | 2026-04-16 | N/A |
| Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group. | ||||
| CVE-2005-4470 | 1 Blender | 1 Blenloader | 2026-04-16 | N/A |
| Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow. | ||||
| CVE-2005-4604 | 1 Jean-jacques Sarton | 1 Mtink | 2026-04-16 | N/A |
| Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable. | ||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package | ||||
| CVE-2005-4490 | 1 Commercial Interactive Media | 1 Scoop | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp. | ||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2005-4530 | 1 Alstrasoft | 1 Epay | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm. | ||||
| CVE-2005-4563 | 1 Enterprise Heart | 1 Enterprise Connector | 2026-04-16 | N/A |
| SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875. | ||||
| CVE-2005-4570 | 1 Fortinet | 3 Forticlient, Fortimanager, Fortios | 2026-04-16 | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the vendor advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | ||||
| CVE-2005-4587 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2026-04-16 | N/A |
| Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). | ||||
| CVE-2005-4595 | 1 Gentoo | 2 Nview, Xnview | 2026-04-16 | N/A |
| Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. | ||||
| CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | ||||
| CVE-2005-4630 | 1 Clientexec | 1 Clientexec | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. | ||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | ||||
| CVE-2005-4642 | 1 Hydrobb | 1 Hydrobb | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php. | ||||
| CVE-2005-4654 | 1 Hp | 1 Oracle For Openview | 2026-04-16 | N/A |
| Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors. NOTE: because of the lack of details in the vendor advisory, it is unclear which set of existing CVEs this advisory might refer to. | ||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4667 | 2 Info-zip, Redhat | 2 Unzip, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs. | ||||
| CVE-2005-4681 | 1 Khaled Mardam-bey | 1 Mirc | 2026-04-16 | N/A |
| Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk | ||||
| CVE-2005-4694 | 1 Plain Black | 1 Webgui | 2026-04-16 | N/A |
| Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. | ||||