Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4670 1 Citypost 1 Php Lnkx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-4671 1 Citypost 1 Simple Php Upload 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-4672 1 Citypost 1 Simple Image Editor 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter.
CVE-2004-1776 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
CVE-2004-1779 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.
CVE-2005-4677 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
CVE-2005-4680 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
CVE-2005-4688 1 Punbb 1 Punbb 2026-04-16 N/A
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVE-2005-3448 1 Oracle 1 Application Server 2026-04-16 N/A
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
CVE-2005-4687 2 F-art Agency, Punbb 2 Blog Cms, Punbb 2026-04-16 N/A
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVE-2004-1781 1 Info Touch 1 Surfnet 2026-04-16 N/A
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
CVE-2006-3417 1 Tor 1 Tor 2026-04-16 N/A
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2005-4693 1 Gaim-encryption 1 Gaim-encryption 2026-04-16 N/A
Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.
CVE-2005-4694 1 Plain Black 1 Webgui 2026-04-16 N/A
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
CVE-2005-4695 1 Symantec 1 Brightmail Antispam 2026-04-16 N/A
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.
CVE-2005-3099 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code.
CVE-2005-4701 1 Sun 1 Solaris 2026-04-16 N/A
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
CVE-2005-4702 1 Ipbproarcade 1 Ipbproarcade 2026-04-16 N/A
SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.
CVE-2005-4703 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.