Export limit exceeded: 363915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363915 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4347 | 1 Debian | 2 Debian Linux, Kernel-patch-vserver | 2026-04-16 | N/A |
| The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver. | ||||
| CVE-2005-4348 | 2 Fetchmail, Redhat | 2 Fetchmail, Enterprise Linux | 2026-04-16 | N/A |
| fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers. | ||||
| CVE-2005-4349 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | 6.3 Medium |
| SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450 | ||||
| CVE-2005-4350 | 1 Sun | 1 Wbem Services | 2026-04-16 | N/A |
| Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors. | ||||
| CVE-2005-4351 | 4 Dragonfly, Freebsd, Linux and 1 more | 4 Dragonfly, Freebsd, Linux Kernel and 1 more | 2026-04-16 | N/A |
| The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running. | ||||
| CVE-2005-4353 | 1 Toenda Software Development | 1 Toendacms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-4354 | 1 University Of Arizona | 1 Webglimpse | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4355 | 1 Xmpie | 1 Ustore | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4356 | 1 Xmpie | 1 Ustore | 2026-04-16 | N/A |
| SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4357 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover. | ||||
| CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | ||||
| CVE-2005-4359 | 1 Oodie | 1 Odfaq | 2026-04-16 | N/A |
| SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php. | ||||
| CVE-2005-4360 | 1 Microsoft | 2 Internet Information Services, Windows Xp | 2026-04-16 | N/A |
| The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot). | ||||
| CVE-2005-4361 | 1 Magnolia | 1 Content Management Suite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4362 | 1 Komodo | 1 Komodo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter. | ||||
| CVE-2005-4363 | 1 Komodo | 1 Komodo Cms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | ||||
| CVE-2005-4365 | 1 Flip | 1 Flip | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. | ||||
| CVE-2004-2379 | 1 Calacode | 1 At Mail Webmail System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl. | ||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | ||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | ||||