Total
29741 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | ||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2025-04-03 | N/A |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. | ||||
| CVE-2005-4623 | 1 Efilego | 1 Efilego | 2025-04-03 | N/A |
| upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | ||||
| CVE-2005-4626 | 1 Recruitment Software | 1 Recruitment Software | 2025-04-03 | N/A |
| The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request. | ||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4666 | 1 Phlymail | 1 Phlymail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. | ||||
| CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2025-04-03 | N/A |
| The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | ||||
| CVE-2005-4669 | 1 Rt Internet Solutions | 1 Rt Internet Solutions Webadmin | 2025-04-03 | N/A |
| SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2005-4670 | 1 Citypost | 1 Php Lnkx | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | ||||
| CVE-2006-0769 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Unspecified vulnerability in in.rexecd in Solaris 10 allows local users to gain privileges on Kerberos systems via unknown attack vectors. | ||||
| CVE-2005-4720 | 1 Mozilla | 1 Firefox | 2025-04-03 | N/A |
| Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack. | ||||
| CVE-2005-4721 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-4722 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2025-04-03 | N/A |
| _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. | ||||
| CVE-2005-4724 | 1 Phptagcool | 1 Phptagcool | 2025-04-03 | N/A |
| SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | ||||
| CVE-2005-4725 | 1 Geeklog | 1 Geeklog | 2025-04-03 | N/A |
| Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID. | ||||
| CVE-2005-4738 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | N/A |
| IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges. | ||||
| CVE-2005-4739 | 1 Ibm | 1 Db2 Universal Database | 2025-04-03 | N/A |
| IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action. | ||||
| CVE-2005-4741 | 1 Netbsd | 1 Netbsd | 2025-04-03 | N/A |
| NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials. | ||||