Search Results (362694 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4485 1 Iatek 1 Projectapp 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the keywords parameter to (1) forums.asp, (2) search_employees.asp, (3) cat.asp, and (4) links.asp; (5) projectid parameter to pmprojects.asp, (6) ret_page parameter to login.asp, and (7) skin_number parameter to default.asp.
CVE-2005-4486 1 Quantum Art 1 Qp7 Enterprise 2026-04-16 N/A
SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp
CVE-2005-4487 1 Ramsite 1 R1 Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchfield parameter.
CVE-2005-4488 1 Computeroil 1 Redakto Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) iid, (2) iid2, (3) r, (4) cart, (5) str, (6) nf, and (7) a parameters.
CVE-2005-4490 1 Commercial Interactive Media 1 Scoop 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) keyword and (2) invalid parameter to articleSearch.asp; (3) username and (4) invalid parameter to lostPassword.asp; (5) Username, (6) Password, and (7) invalid parameter to account_login.asp; (8) area, (9) articleZoneID, (10) r, and (11) invalid parameters to category.asp; and invalid parameters to (12) articleZone.asp, (13) prePurchaserRegistration.asp, and (14) requestDemo.asp.
CVE-2005-4492 1 Starphire Technologies 5 Sitesage, Sitesage-ee, Sitesage-le and 2 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the norelay_highlight_words parameter.
CVE-2005-4504 1 Apple 4 Mac Os X, Mac Os X Server, Safari and 1 more 2026-04-16 N/A
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
CVE-2005-4505 1 Mcafee 2 Common Management Agent, Virusscan Enterprise 2026-04-16 N/A
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
CVE-2005-4514 1 Webwasher 1 Csm Appliance Suite 2026-04-16 N/A
The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detection of malicious tokens, which allows attackers to bypass script detection by using tokens that can be upper or lower case. NOTE: the vendor has stated that this problem could not be reproduced, and has asked the researcher for more information, without a response as of 20060103
CVE-2005-4521 1 Mantis 1 Mantis 2026-04-16 N/A
CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
CVE-2005-4554 1 Dev 1 Dev Web Management System 2026-04-16 N/A
Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.
CVE-2005-4157 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.
CVE-2005-4149 1 Lyris Technologies Inc 1 Listmanager 2026-04-16 N/A
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
CVE-2005-1381 1 Oracle 1 Application Server Web Cache 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
CVE-2005-3233 1 Trustix 1 Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-1384 1 Coinsoft Technologies 1 Phpcoin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.
CVE-2005-1386 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message.
CVE-2005-1391 1 Apsis 1 Pound 2026-04-16 N/A
Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.
CVE-2005-1392 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.
CVE-2005-1394 1 Esri 1 Arcinfo Workstation 2026-04-16 N/A
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.