Export limit exceeded: 20044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363690 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4428 1 Cerberus 1 Cerberus Helpdesk 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter.
CVE-2005-4429 1 Cs-cart 1 Cs-cart 2026-04-16 N/A
SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php.
CVE-2005-4430 1 Logicnow 1 Logicbill 2026-04-16 N/A
SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.
CVE-2005-4434 1 Abledesign 1 Abledesign 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4436 1 Extended Interior Gateway Routing Protocol 1 Extended Interior Gateway Routing Protocol 2026-04-16 N/A
Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV).
CVE-2005-4438 1 Dec2rar.dll 1 Dec2rar.dll 2026-04-16 N/A
Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.
CVE-2005-4442 1 Openldap 1 Openldap 2026-04-16 N/A
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVE-2005-4445 1 David Harris 1 Pegasus Mail 2026-04-16 N/A
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
CVE-2005-4446 1 Aspbite 1 Aspbite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter.
CVE-2005-4449 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP files by setting the file parameter to an arbitrary file and injecting the code into the body parameter. NOTE: if a FlatNuke administrator is normally assumed to be able to modify arbitrary content, then this issue does not cross privilege boundaries and would not be a vulnerability.
CVE-2005-4450 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed.
CVE-2005-4451 1 Hp 1 Hp-ux 2026-04-16 N/A
Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors.
CVE-2005-4452 1 Information Call Center 1 Information Call Center 2026-04-16 N/A
Information Call Center stores the CallCenterData.mdb database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.
CVE-2005-4453 1 Ultraapps 1 Ultraapps Issue Manager 2026-04-16 N/A
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
CVE-2005-4454 1 Livejournal 1 Livejournal 2026-04-16 N/A
Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, when the cleancss option is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks via a "\" (backslash) within a "javascript" scheme in a style property (such as "javas\cript"), which bypasses the "javascript" check before the "\" is stripped and then rendered in web browsers that allow scripting in style sheets.
CVE-2005-4455 1 Livejournal 1 Livejournal 2026-04-16 N/A
cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi.
CVE-2005-4456 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-16 N/A
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402.
CVE-2005-4457 1 Mailenable 1 Mailenable Enterprise 2026-04-16 N/A
MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command.
CVE-2005-4458 1 Metadot 1 Metadot Portal Server 2026-04-16 N/A
Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN, and $IS_MANAGER global variables when performing checks for special privileges, which allows users to gain administrator privileges by adding themselves to the SITE_MGR group.
CVE-2005-4459 1 Vmware 4 Ace, Gsx Server, Player and 1 more 2026-04-16 N/A
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.