Export limit exceeded: 364221 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364221 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3935 1 Socketkb 1 Socketkb 2026-04-16 N/A
SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters.
CVE-2005-3942 1 Greywyvern 1 Orca Knowledgebase 2026-04-16 N/A
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter.
CVE-2005-3948 1 Phpalbum.net 1 Phpalbum 2026-04-16 N/A
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters.
CVE-2005-2783 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.
CVE-2005-3949 1 Webcalendar 1 Webcalendar 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php.
CVE-2006-1174 2 Debian, Redhat 2 Shadow, Enterprise Linux 2026-04-16 N/A
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and possibly allows attackers to read or modify the mailbox.
CVE-2005-3952 1 Php Labs 1 Top Auction 2026-04-16 N/A
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
CVE-2005-3953 1 Bedeng Psp 1 Bedeng Psp 2026-04-16 N/A
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.
CVE-2005-3956 1 Dmanews 1 Dmanews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action.
CVE-2005-3959 1 Freewebstat 1 Freewebstat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.
CVE-2006-1175 1 Weonlydo 1 Weonlydo Sftp 2026-04-16 N/A
The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page.
CVE-2006-2325 1 Onlyscript.info 1 Online Universal Payment System Script 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in OnlyScript.info Online Universal Payment System Script allows remote attackers to inject arbitrary web script or HTML via the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Also, this issue might be resultant from directory traversal.
CVE-2005-3962 2 Perl, Redhat 2 Perl, Enterprise Linux 2026-04-16 N/A
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
CVE-2005-3963 1 Dotclear 1 Dotclear 2026-04-16 N/A
SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie.
CVE-2005-3967 1 Atlassian 1 Confluence 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter.
CVE-2005-3972 1 Extreme Corporate 1 Extreme Search 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2005-3973 1 Drupal 1 Drupal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist.
CVE-2005-2807 1 Frox 1 Frox 2026-04-16 N/A
frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.
CVE-2005-3974 1 Drupal 1 Drupal 2026-04-16 N/A
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
CVE-2005-2808 1 Frox 1 Frox 2026-04-16 N/A
frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts.