Export limit exceeded: 363915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363915 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4347 1 Debian 2 Debian Linux, Kernel-patch-vserver 2026-04-16 N/A
The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.
CVE-2005-4348 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-16 N/A
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
CVE-2005-4349 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 6.3 Medium
SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450
CVE-2005-4350 1 Sun 1 Wbem Services 2026-04-16 N/A
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via unknown attack vectors.
CVE-2005-4351 4 Dragonfly, Freebsd, Linux and 1 more 4 Dragonfly, Freebsd, Linux Kernel and 1 more 2026-04-16 N/A
The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.
CVE-2005-4353 1 Toenda Software Development 1 Toendacms 2026-04-16 N/A
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4354 1 University Of Arizona 1 Webglimpse 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-4355 1 Xmpie 1 Ustore 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4356 1 Xmpie 1 Ustore 2026-04-16 N/A
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4357 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary Javascript via a permitted HTML tag with " (quote) characters and active attributes such as onmouseover.
CVE-2005-4358 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
CVE-2005-4359 1 Oodie 1 Odfaq 2026-04-16 N/A
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
CVE-2005-4360 1 Microsoft 2 Internet Information Services, Windows Xp 2026-04-16 N/A
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
CVE-2005-4361 1 Magnolia 1 Content Management Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2005-4362 1 Komodo 1 Komodo Cms 2026-04-16 N/A
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2005-4363 1 Komodo 1 Komodo Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4365 1 Flip 1 Flip 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php.
CVE-2004-2379 1 Calacode 1 At Mail Webmail System 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
CVE-2005-4366 1 Fad Solutions 1 Drzes Hms 2026-04-16 N/A
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137.
CVE-2005-4367 1 Fad Solutions 1 Drzes Hms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4.