Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2979 1 Phpoutsourcing 1 Noahs Classifieds 2026-04-16 N/A
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter.
CVE-2005-2997 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php.
CVE-2002-2127 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \Device\PhysicalMemory by its name, which could allow local privileged processes to overwrite kernel memory by accessing the device through a symlink.
CVE-2005-2998 1 Bugada Andrea 1 Php Advanced Transfer Manager 2026-04-16 N/A
PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files.
CVE-2002-2133 1 Telindus 1 1120 Adsl Router 2026-04-16 N/A
Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password.
CVE-2005-3764 1 Exponent 1 Exponent 2026-04-16 N/A
The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML.
CVE-2004-1412 1 Kayako 1 Esupport 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
CVE-2005-3766 1 Exponent 1 Exponent 2026-04-16 N/A
Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files.
CVE-2006-1681 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated.
CVE-2006-4024 1 Festalon 1 Festalon 2026-04-16 N/A
The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through 0.5.5 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative LoadAddr value in a HES file, which is used as an offset in a memcpy operation and leads to a buffer underflow.
CVE-2005-3804 1 Cisco 1 7920 Wireless Ip Phone 2026-04-16 N/A
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
CVE-2005-3814 1 Orbitscripts 1 Smartppc Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php.
CVE-2005-3829 1 Activecampaign 1 Knowledgebuilder 2026-04-16 N/A
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.
CVE-2005-3830 1 Activecampaign 1 Supporttrio 2026-04-16 N/A
index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.
CVE-2005-3834 1 Tunez 1 Tunez 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.
CVE-2005-3841 1 Kplaylist 1 Kplaylist 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.
CVE-2005-3850 1 Onlinetechtools.com 1 Okbsys Lite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.
CVE-2005-3854 1 Easypagecms 1 Easypagecms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
CVE-2005-3865 1 Scripts-templates 1 Allweb Search 2026-04-16 N/A
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.
CVE-2005-3867 1 Wwwsearchsolutions 1 Revenuepilot Search Engine Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.