Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4022 1 Gallery Project 1 Gallery 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.
CVE-2005-4023 1 Gallery Project 1 Gallery 2025-04-03 N/A
Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.
CVE-2005-4024 1 Interspire 1 Fastfind 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-4026 1 Geeklog 1 Geeklog 2025-04-03 N/A
search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
CVE-2005-4037 1 Web4future 1 Affiliate Manager Professional 2025-04-03 N/A
SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.
CVE-2005-4035 1 Web4future 1 Web4future Ecommerce 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php.
CVE-2005-4043 1 Hobosworld 1 Hobsr 2025-04-03 N/A
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters.
CVE-2005-4054 1 Pluggedout 1 Pluggedout Blog 2025-04-03 N/A
SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter.
CVE-2005-4055 1 Cars Portal 1 Cars Portal 2025-04-03 N/A
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.
CVE-2005-4056 1 Jonathan Beckett 1 Pluggedout Nexus 2025-04-03 N/A
SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters.
CVE-2005-4057 1 Jonathan Beckett 1 Pluggedout Nexus 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters.
CVE-2005-4065 1 Edgewall Software 1 Trac 2025-04-03 N/A
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4086 1 Sugarcrm 1 Sugar Suite 2025-04-03 N/A
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
CVE-2005-4072 1 Cfmagic 1 Magic Forum Personal 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field.
CVE-2005-4076 1 Appfluent Technology 1 Database Ids 2025-04-03 N/A
Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable.
CVE-2005-4082 1 Qnx 1 Qnx 2025-04-03 N/A
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks.
CVE-2005-4083 1 Phpbb Styles 1 Extreme Styles Phpbb Module 2025-04-03 N/A
Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.
CVE-2005-4085 1 Bluecoat 2 Proxyav, Webproxy 2025-04-03 N/A
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
CVE-2005-4094 1 Docebolms 1 Docebolms 2025-04-03 N/A
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
CVE-2005-4091 1 1-script 1 1-search 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.