Export limit exceeded: 363915 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363915 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4368 1 Roundcube 1 Webmail 2026-04-16 N/A
roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error message.
CVE-2005-4369 1 The Collective 1 Acuity Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
CVE-2005-4370 1 Acidcat 1 Acidcat 2026-04-16 N/A
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.
CVE-2005-4371 1 Acidcat 1 Acidcat 2026-04-16 N/A
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb.
CVE-2005-4372 1 Liquid Bytes Technologies 1 Adaptive Website Framework 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-4374 1 Allinta 1 Allinta 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.
CVE-2005-4376 1 Box Uk 1 Amaxus 2026-04-16 N/A
Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.
CVE-2005-4377 1 Nma 1 Baseline Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.
CVE-2005-4378 1 Nma 1 Baseline Cms 2026-04-16 N/A
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter.
CVE-2005-4379 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; the (3) blog_id parameter to (e) blogs/view.php; and the (4) search field to (f) users/my_groups.php.
CVE-2005-4380 1 Bitweaver 1 Bitweaver 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
CVE-2005-4382 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute arbitrary SQL commands via the (1) nodeID, (2) pageID, (3) ID, and (4) parentid parameter to index.cfm; and (5) documentFormatId parameter to document/docWindow.cfm.
CVE-2005-4383 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters.
CVE-2005-4384 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVE-2005-4386 1 Colony 4 Colony Cms, Colony E-commerce Cms, Colony Enterprise Cms and 1 more 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4387 1 Contenite 1 Contenite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-4388 1 Contens 1 Contens 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the near parameter.
CVE-2005-4389 1 Contens 1 Contens 2026-04-16 N/A
search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
CVE-2005-4390 1 Contentserv 1 Contentserv 2026-04-16 N/A
SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the StoryID parameter.
CVE-2005-4391 1 Mindroute Software 1 Damoon 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter.