Export limit exceeded: 362694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362694 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4309 1 Scriptscenter 1 Ezupload Pro 2026-04-16 N/A
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-2005-4312 1 Almondsoft 1 Almond Classifieds 2026-04-16 N/A
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4318 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable.
CVE-2005-4332 1 Cisco 1 Network Admission Control Manager And Server System Software 2026-04-16 N/A
Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.
CVE-2005-4334 1 John Andersson 1 Zixforum 2026-04-16 N/A
SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.
CVE-2005-4338 1 Blackboard 1 Academic Suite 2026-04-16 N/A
announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".
CVE-2005-4341 1 Blackboard 1 Academic Suite 2026-04-16 N/A
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.
CVE-2005-4342 1 Macromedia 1 Coldfusion 2026-04-16 N/A
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."
CVE-2005-4365 1 Flip 1 Flip 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
CVE-2005-4369 1 The Collective 1 Acuity Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
CVE-2005-4371 1 Acidcat 1 Acidcat 2026-04-16 N/A
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
CVE-2005-4373 1 Liquid Bytes Technologies 1 Adaptive Website Framework 2026-04-16 N/A
Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message.
CVE-2005-4381 1 Caravel Cms 1 Caravel Cms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters.
CVE-2005-4382 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.
CVE-2005-4384 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVE-2005-4389 1 Contens 1 Contens 2026-04-16 N/A
search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
CVE-2005-4392 1 E-publish 1 E-publish 2026-04-16 N/A
SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4394 1 Formicary Ltd. 1 Epix 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters.
CVE-2005-4396 1 Icms Content Management Systems 1 Icms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
CVE-2005-4398 1 Mindroute Software 1 Lemoon 2026-04-16 N/A
NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product.