Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4403 1 Qcm 1 Marwel 2026-04-16 N/A
SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the show parameter.
CVE-2005-4404 1 Media2 Cms 1 Media2 Cms Shop 2026-04-16 N/A
SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
CVE-2005-4405 1 Random Mouse Software 1 Red Queen 2026-04-16 N/A
redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks the path in an error message.
CVE-2005-4408 1 Pc Media 1 Miraserver 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php.
CVE-2005-4409 1 Mmbase 1 Mmbase 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4410 1 Nqcontent 1 Nqcontent 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter.
CVE-2005-4411 1 David Harris 1 Mercury Mail Transport System 2026-04-16 N/A
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
CVE-2005-4413 1 Ibm 1 Websphere Application Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1.
CVE-2005-4414 1 Open Lab 1 Teamwork 2026-04-16 N/A
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."
CVE-2005-4415 1 Tml 1 Tml 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter.
CVE-2005-4418 1 Vserver 1 Util-vserver 2026-04-16 N/A
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
CVE-2005-4419 1 Quicksquare Development 2 Honeycomb Archive, Honeycomb Archive Enterprise 2026-04-16 N/A
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters.
CVE-2005-4420 1 Quicksquare Development 1 Honeycomb Archive Enterprise 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm.
CVE-2005-4421 1 Dev-editor 1 Dev-editor 2026-04-16 N/A
Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name.
CVE-2005-4422 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums.
CVE-2005-4423 1 Phpfm 1 Phpfm 2026-04-16 N/A
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
CVE-2005-4424 1 Phpkit 1 Phpkit 2026-04-16 N/A
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
CVE-2005-4427 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php.
CVE-2005-4428 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
CVE-2005-4429 1 Cs-cart 1 Cs-cart 2026-04-16 N/A
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.