Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363638 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363638 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3386 | 1 Techno Dreams | 1 Web Directory | 2026-04-16 | N/A |
| SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | ||||
| CVE-2005-3387 | 1 Luca Deri | 1 Ntop | 2026-04-16 | N/A |
| The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code. | ||||
| CVE-2005-3818 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. | ||||
| CVE-2005-3388 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment." | ||||
| CVE-2005-3821 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. | ||||
| CVE-2005-0593 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site. | ||||
| CVE-2005-3389 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. | ||||
| CVE-2005-0596 | 1 Php | 1 Php | 2026-04-16 | N/A |
| PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size. | ||||
| CVE-2005-3822 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | ||||
| CVE-2005-3390 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field. | ||||
| CVE-2005-3823 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. | ||||
| CVE-2005-3392 | 1 Php | 1 Php | 2026-04-16 | N/A |
| Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives. | ||||
| CVE-2005-3824 | 1 Vtiger | 1 Vtiger Crm | 2026-04-16 | N/A |
| The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action. | ||||
| CVE-2005-3825 | 1 Comdev | 1 Comdev Vote Caster | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | ||||
| CVE-2005-3393 | 1 Openvpn | 2 Openvpn, Openvpn Access Server | 2026-04-16 | N/A |
| Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option. | ||||
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | ||||
| CVE-2005-3394 | 1 Oaboard | 1 Oaboard | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module. | ||||
| CVE-2005-3395 | 1 Invision Power Services | 1 Invision Gallery | 2026-04-16 | N/A |
| SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter. | ||||
| CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2026-04-16 | N/A |
| SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2005-3828 | 1 Activecampaign | 1 Knowledgebuilder | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | ||||