Export limit exceeded: 363701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363701 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4414 | 1 Open Lab | 1 Teamwork | 2026-04-16 | N/A |
| Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." | ||||
| CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2026-04-16 | N/A |
| The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | ||||
| CVE-2005-4418 | 1 Vserver | 1 Util-vserver | 2026-04-16 | N/A |
| util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities. | ||||
| CVE-2005-4419 | 1 Quicksquare Development | 2 Honeycomb Archive, Honeycomb Archive Enterprise | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters. | ||||
| CVE-2005-4420 | 1 Quicksquare Development | 1 Honeycomb Archive Enterprise | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm. | ||||
| CVE-2005-4421 | 1 Dev-editor | 1 Dev-editor | 2026-04-16 | N/A |
| Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name. | ||||
| CVE-2005-4422 | 1 Toenda Software Development | 1 Toendacms | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | ||||
| CVE-2005-4423 | 1 Phpfm | 1 Phpfm | 2026-04-16 | N/A |
| Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | ||||
| CVE-2005-4424 | 1 Phpkit | 1 Phpkit | 2026-04-16 | N/A |
| Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00. | ||||
| CVE-2005-4426 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in YaBB. | ||||
| CVE-2005-4427 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to attachment_send.php, (2) the $addy variable in email_parser.php, (3) $address variable in email_parser.php, (4) $a_address variable in structs.php, (5) kbid parameter to cer_KnowledgebaseHandler.class.php, (6) queues[] parameter to addresses_export.php, (7) $thread variable to display.php, (8) ticket parameter to display_ticket_thread.php. | ||||
| CVE-2005-4428 | 1 Cerberus | 1 Cerberus Helpdesk | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | ||||
| CVE-2005-4429 | 1 Cs-cart | 1 Cs-cart | 2026-04-16 | N/A |
| SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | ||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2026-04-16 | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | ||||
| CVE-2005-4434 | 1 Abledesign | 1 Abledesign | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4436 | 1 Extended Interior Gateway Routing Protocol | 1 Extended Interior Gateway Routing Protocol | 2026-04-16 | N/A |
| Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 12.3(3)B, and 12.3(2)T and other products, allows remote attackers to cause a denial of service by sending a "spoofed neighbor announcement" with (1) mismatched k values or (2) "goodbye message" Type-Length-Value (TLV). | ||||
| CVE-2005-4438 | 1 Dec2rar.dll | 1 Dec2rar.dll | 2026-04-16 | N/A |
| Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field. | ||||
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2026-04-16 | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | ||||
| CVE-2005-4445 | 1 David Harris | 1 Pegasus Mail | 2026-04-16 | N/A |
| Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | ||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | ||||