Export limit exceeded: 346665 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346665 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2026-04-16 | N/A |
| SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | ||||
| CVE-2005-4618 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user memory and possibly cause a denial of service via a long string, which causes sysctl to write a zero byte outside the buffer. NOTE: since the sysctl is called from a userland program that provides the argument, this might not be a vulnerability, unless a legitimate user-assisted or setuid scenario can be identified. | ||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | ||||
| CVE-2005-4620 | 1 Rarlab | 1 Winrar | 2026-04-16 | N/A |
| Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability. | ||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2026-04-16 | N/A |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. | ||||
| CVE-2005-4623 | 1 Efilego | 1 Efilego | 2026-04-16 | N/A |
| upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | ||||
| CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2026-04-16 | N/A |
| The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | ||||
| CVE-2005-4625 | 3 Ati, Intel, Microsoft | 3 Catalyst Driver, Display Adapter Driver, Internet Explorer | 2026-04-16 | N/A |
| Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999. | ||||
| CVE-2005-4626 | 1 Recruitment Software | 1 Recruitment Software | 2026-04-16 | N/A |
| The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. | ||||
| CVE-2005-4636 | 1 Openoffice | 1 Openoffice | 2026-04-16 | N/A |
| OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings. | ||||
| CVE-2005-4637 | 1 Kayako | 1 Supportsuite | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. | ||||
| CVE-2005-4777 | 1 Tashcom | 1 Aspedit | 2026-04-16 | N/A |
| Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password. | ||||
| CVE-2005-4639 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array". | ||||
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | ||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2026-04-16 | N/A |
| SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | ||||
| CVE-2005-4643 | 1 Antharia | 1 Oncontent Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE. | ||||
| CVE-2005-4644 | 1 Edgewall Software | 1 Trac | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | ||||
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | ||||
| CVE-2005-4662 | 1 Ocomon | 1 Ocomon | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. | ||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | ||||