Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345077 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345077 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4368 | 1 Roundcube | 1 Webmail | 2026-04-16 | N/A |
| roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message. | ||||
| CVE-2005-4369 | 1 The Collective | 1 Acuity Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. | ||||
| CVE-2005-4370 | 1 Acidcat | 1 Acidcat | 2026-04-16 | N/A |
| SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp. | ||||
| CVE-2005-4371 | 1 Acidcat | 1 Acidcat | 2026-04-16 | N/A |
| Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. | ||||
| CVE-2005-4372 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | ||||
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2026-04-16 | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | ||||
| CVE-2005-4379 | 1 Bitweaver | 1 Bitweaver | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php. | ||||
| CVE-2005-4381 | 1 Caravel Cms | 1 Caravel Cms | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters. | ||||
| CVE-2005-4382 | 1 Citysoft | 1 Community Enterprise | 2026-04-16 | N/A |
| SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm. | ||||
| CVE-2005-4384 | 1 Citysoft | 1 Community Enterprise | 2026-04-16 | N/A |
| CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm. | ||||
| CVE-2005-4389 | 1 Contens | 1 Contens | 2026-04-16 | N/A |
| search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters. | ||||
| CVE-2005-4390 | 1 Contentserv | 1 Contentserv | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter. | ||||
| CVE-2005-4391 | 1 Mindroute Software | 1 Damoon | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. | ||||
| CVE-2005-4392 | 1 E-publish | 1 E-publish | 2026-04-16 | N/A |
| SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-4393 | 1 E-publish | 1 E-publish | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters. | ||||
| CVE-2005-4394 | 1 Formicary Ltd. | 1 Epix | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters. | ||||
| CVE-2005-4395 | 1 Farcry | 1 Farcry | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter. | ||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | ||||
| CVE-2005-4397 | 1 Icms Content Management Systems | 1 Icms | 2026-04-16 | N/A |
| SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. | ||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2026-04-16 | N/A |
| NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product. | ||||