Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4670 1 Citypost 1 Php Lnkx 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
CVE-2005-4671 1 Citypost 1 Simple Php Upload 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-4672 1 Citypost 1 Simple Image Editor 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter.
CVE-2004-1776 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
CVE-2004-1779 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.
CVE-2005-4677 1 Oscommerce 1 Oscommerce 2026-04-16 N/A
SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php.
CVE-2005-4680 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.
CVE-2005-4688 1 Punbb 1 Punbb 2026-04-16 N/A
PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.
CVE-2005-4687 2 F-art Agency, Punbb 2 Blog Cms, Punbb 2026-04-16 N/A
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
CVE-2004-1781 1 Info Touch 1 Surfnet 2026-04-16 N/A
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2005-4693 1 Gaim-encryption 1 Gaim-encryption 2026-04-16 N/A
Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.
CVE-2005-4694 1 Plain Black 1 Webgui 2026-04-16 N/A
Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
CVE-2005-4695 1 Symantec 1 Brightmail Antispam 2026-04-16 N/A
Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.
CVE-2005-4701 1 Sun 1 Solaris 2026-04-16 N/A
Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.
CVE-2005-4702 1 Ipbproarcade 1 Ipbproarcade 2026-04-16 N/A
SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.
CVE-2005-4703 1 Apache 1 Tomcat 2026-04-16 N/A
Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.
CVE-2005-4704 1 Bea 1 Weblogic Server 2026-04-16 N/A
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.
CVE-2005-4705 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.
CVE-2004-1789 1 Zyxel 1 Zywall10 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.