Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4082 | 1 Qnx | 1 Qnx | 2025-04-03 | N/A |
| The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks. | ||||
| CVE-2005-4081 | 1 Alisveristr | 1 Alisveristr E-commerce | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages. | ||||
| CVE-2005-4076 | 1 Appfluent Technology | 1 Database Ids | 2025-04-03 | N/A |
| Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable. | ||||
| CVE-2005-4085 | 1 Bluecoat | 2 Proxyav, Webproxy | 2025-04-03 | N/A |
| Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header. | ||||
| CVE-2005-4086 | 1 Sugarcrm | 1 Sugar Suite | 2025-04-03 | N/A |
| Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter. | ||||
| CVE-2005-4087 | 1 Sugarcrm | 1 Sugar Suite | 2025-04-03 | N/A |
| PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. | ||||
| CVE-2005-4088 | 1 W2b | 1 Phpforumpro | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters. | ||||
| CVE-2005-4090 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact. | ||||
| CVE-2005-4091 | 1 1-script | 1 1-search | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-4084 | 1 Phpbb Styles | 1 Phpbb Extreme Styles | 2025-04-03 | N/A |
| xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter. | ||||
| CVE-2005-4095 | 1 Docebolms | 1 Docebolms | 2025-04-03 | N/A |
| Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command. | ||||
| CVE-2005-4094 | 1 Docebolms | 1 Docebolms | 2025-04-03 | N/A |
| connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script. | ||||
| CVE-2005-4132 | 1 Contenido | 1 Contendio | 2025-04-03 | N/A |
| Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this is a PHP remote file include vulnerability. | ||||
| CVE-2005-4138 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php. | ||||
| CVE-2005-4140 | 1 Website Baker | 1 Website Baker | 2025-04-03 | N/A |
| SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field. | ||||
| CVE-2005-4144 | 1 Lyris | 1 List Manager | 2025-04-03 | N/A |
| Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace. | ||||
| CVE-2005-4145 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack. | ||||
| CVE-2005-4146 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information. | ||||
| CVE-2005-4148 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page. | ||||
| CVE-2005-4147 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" characters. | ||||