Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3960 | 1 Kadu | 1 Kadu | 2025-04-03 | N/A |
| Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | ||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | ||||
| CVE-2005-3998 | 1 Solupress | 1 Solupress News | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. | ||||
| CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2025-04-03 | N/A |
| Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | ||||
| CVE-2005-3999 | 1 Sitebeater | 1 Sitebeater Mp3 Catalog | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. | ||||
| CVE-2005-4021 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | ||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2005-4024 | 1 Interspire | 1 Fastfind | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4025 | 1 Help Desk Reloaded | 1 Free Help Desk | 2025-04-03 | N/A |
| Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. | ||||
| CVE-2005-4026 | 1 Geeklog | 1 Geeklog | 2025-04-03 | N/A |
| search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. | ||||
| CVE-2005-4028 | 1 Amember | 1 Amember | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login parameter to member.php. | ||||
| CVE-2005-4074 | 1 Mycfnuke | 1 Cf Nuke | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters. | ||||
| CVE-2005-4075 | 1 Mycfnuke | 1 Cf Nuke | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector. | ||||
| CVE-2005-4072 | 1 Cfmagic | 1 Magic Forum Personal | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, as used in the "Search For:" field. | ||||
| CVE-2005-4076 | 1 Appfluent Technology | 1 Database Ids | 2025-04-03 | N/A |
| Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable. | ||||
| CVE-2005-4086 | 1 Sugarcrm | 1 Sugar Suite | 2025-04-03 | N/A |
| Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter. | ||||
| CVE-2005-4143 | 1 Lyris | 1 List Manager | 2025-04-03 | N/A |
| SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL. | ||||
| CVE-2005-4144 | 1 Lyris | 1 List Manager | 2025-04-03 | N/A |
| Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace. | ||||
| CVE-2005-4145 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack. | ||||
| CVE-2005-4146 | 1 Lyris Technologies Inc | 1 Listmanager | 2025-04-03 | N/A |
| Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information. | ||||