Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4652 1 Phlymail 1 Phlymail 2026-04-16 N/A
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
CVE-2005-4653 1 Al-caricatier 1 Al-caricatier 2026-04-16 N/A
Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument.
CVE-2005-4656 1 Triggertg 1 Tclanportal 2026-04-16 N/A
SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter.
CVE-2005-4657 1 Ocean12 Technologies 1 Calendar Manager Pro 2026-04-16 N/A
Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4659 1 Ipcop 1 Ipcop 2026-04-16 N/A
IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.
CVE-2005-4660 1 Ipcop 1 Ipcop 2026-04-16 N/A
Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.
CVE-2005-4661 1 Campware.org 1 Campsite 2026-04-16 N/A
The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.
CVE-2005-4665 1 Punbb 1 Punbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.
CVE-2005-4666 1 Phlymail 1 Phlymail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.
CVE-2005-4668 1 Parosproxy 1 Parosproxy 2026-04-16 N/A
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.
CVE-2005-4669 1 Rt Internet Solutions 1 Rt Internet Solutions Webadmin 2026-04-16 N/A
SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
CVE-2005-4670 1 Citypost 1 Php Lnkx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-4671 1 Citypost 1 Simple Php Upload 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-4673 1 Inicom Networks 1 Ioftpd 2026-04-16 N/A
ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.
CVE-2005-4674 1 Complete Php Counter 1 Complete Php Counter 2026-04-16 N/A
Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.
CVE-2005-4675 1 Complete Php Counter 1 Complete Php Counter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.
CVE-2005-4676 1 Andreas Huggel 1 Exiv2 2026-04-16 N/A
Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
CVE-2005-4677 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
CVE-2005-4678 1 Apple 1 Safari 2026-04-16 N/A
Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4679 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.