Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2808 | 1 Lycos | 1 Htmlgear Guestgear | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR guestGEAR (aka Guest Gear) allows remote attackers to inject arbitrary web script or HTML via a guestbook post containing a javascript URI in the SRC attribute of the BR element after an extra "iframe" tagname within that element, followed by a double ">", which might bypass cleansing operations. | ||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2026-04-16 | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | ||||
| CVE-2006-2809 | 1 Ar-blog | 1 Ar-blog | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in ar-blog 5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) count parameter, and possibly the (2) next, (3) Year_the_news, and (4) mo parameters. NOTE: the year and month vectors are already covered by CVE-2006-0333. | ||||
| CVE-2005-4235 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters. | ||||
| CVE-2005-4236 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters. | ||||
| CVE-2005-4237 | 1 Servers-r-us | 1 Mysqlauction | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module. | ||||
| CVE-2005-4252 | 1 Mcgallery | 1 Mcgallery Pro | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. | ||||
| CVE-2005-4253 | 1 Torrential | 1 Torrential | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to inject arbitrary web script or HTML via the URL. NOTE: this might be resultant from CVE-2005-4160. | ||||
| CVE-2005-4254 | 1 Dreamlevels | 1 Dream Poll | 2026-04-16 | N/A |
| SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-4255 | 1 Wikkawiki | 1 Wikkawiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter. | ||||
| CVE-2005-4264 | 1 Triangle Solutions | 1 Php Support Tickets | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter. | ||||
| CVE-2005-4272 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal. | ||||
| CVE-2004-1623 | 1 Microsoft | 1 Windows Xp | 2026-04-16 | N/A |
| The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | ||||
| CVE-2005-4277 | 1 Toenda Software Development | 1 Toendacms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote attackers to inject arbitrary web script or HTML via the id parameter. | ||||
| CVE-2004-1630 | 1 Openwfe | 1 Work Flow Engine | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. | ||||
| CVE-2004-1632 | 1 Moniwiki | 1 Moniwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php. | ||||
| CVE-2005-4278 | 1 Larry Wall | 1 Perl | 2026-04-16 | N/A |
| Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | ||||
| CVE-2005-4280 | 1 Kitware | 1 Cmake | 2026-04-16 | N/A |
| Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | ||||
| CVE-2005-4281 | 1 Zaygo | 1 Hostingcart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi. | ||||
| CVE-2005-4286 | 1 Phplogcon | 1 Phplogcon | 2026-04-16 | N/A |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. | ||||