Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4094 1 Docebolms 1 Docebolms 2025-04-03 N/A
connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script.
CVE-2005-4091 1 1-script 1 1-search 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-4139 1 Thwboard 1 Thwboard Beta 2025-04-03 N/A
Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in v_profile.php, and (3) the userid parameter in misc.php.
CVE-2005-4140 1 Website Baker 1 Website Baker 2025-04-03 N/A
SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.
CVE-2005-4141 1 Aspmforum 1 Aspmforum 2025-04-03 N/A
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.
CVE-2005-4146 1 Lyris Technologies Inc 1 Listmanager 2025-04-03 N/A
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
CVE-2005-4149 1 Lyris Technologies Inc 1 Listmanager 2025-04-03 N/A
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
CVE-2005-4150 1 Broadcom 1 Cleverpath Portal 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.
CVE-2005-4153 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2025-04-03 N/A
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
CVE-2005-4157 1 Kerio 1 Winroute Firewall 2025-04-03 N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.
CVE-2005-4166 1 Duware 1 Duportal Pro 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote attackers to inject arbitrary web script or HTML via the result parameter.
CVE-2005-4175 1 Insyde 1 Insyde Bios 2025-04-03 N/A
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
CVE-2005-4176 1 Award 1 Award Bios Modular 2025-04-03 N/A
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
CVE-2005-4178 2 Debian, Dropbear Ssh Project 2 Debian Linux, Dropbear Ssh 2025-04-03 N/A
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
CVE-2005-4193 1 Usebb 1 Usebb 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.
CVE-2005-4194 1 Innovateware 1 Sights N Sounds Streaming Media Server 2025-04-03 N/A
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.
CVE-2005-0020 2 Mandrakesoft, Playmidi 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi 2025-04-03 N/A
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
CVE-2005-4201 1 Showalbumonline 1 My Album Online 2025-04-03 N/A
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.
CVE-2005-4205 1 Locazo 1 Locazolist Classifieds 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-4212 1 Coinsoft Technologies 1 Phpcoin 2025-04-03 N/A
Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.