Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4670 | 1 Citypost | 1 Php Lnkx | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | ||||
| CVE-2004-1776 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. | ||||
| CVE-2004-1779 | 1 Thwboard | 1 Thwboard Beta | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. | ||||
| CVE-2005-4677 | 1 Oscommerce | 1 Oscommerce | 2026-04-16 | N/A |
| SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. | ||||
| CVE-2005-4680 | 1 Sophos | 1 Sophos Anti-virus | 2026-04-16 | N/A |
| Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | ||||
| CVE-2005-4688 | 1 Punbb | 1 Punbb | 2026-04-16 | N/A |
| PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session. | ||||
| CVE-2005-4687 | 2 F-art Agency, Punbb | 2 Blog Cms, Punbb | 2026-04-16 | N/A |
| PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header. | ||||
| CVE-2004-1781 | 1 Info Touch | 1 Surfnet | 2026-04-16 | N/A |
| Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. | ||||
| CVE-2004-1785 | 1 Invision Power Services | 1 Invision Board | 2026-04-16 | N/A |
| SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | ||||
| CVE-2005-4693 | 1 Gaim-encryption | 1 Gaim-encryption | 2026-04-16 | N/A |
| Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c. | ||||
| CVE-2005-4694 | 1 Plain Black | 1 Webgui | 2026-04-16 | N/A |
| Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. | ||||
| CVE-2005-4695 | 1 Symantec | 1 Brightmail Antispam | 2026-04-16 | N/A |
| Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages. | ||||
| CVE-2005-4701 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx. | ||||
| CVE-2005-4702 | 1 Ipbproarcade | 1 Ipbproarcade | 2026-04-16 | N/A |
| SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430. | ||||
| CVE-2005-4703 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto. | ||||
| CVE-2005-4704 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges. | ||||
| CVE-2005-4705 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection. | ||||
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | ||||