Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-2544 1 Comdev 1 Comdev Ecommerce 2026-04-16 N/A
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter.
CVE-2005-3308 1 Zomplog 1 Zomplog 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.
CVE-2005-3309 1 Zomplog 1 Zomplog 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php.
CVE-2005-2567 1 Syscp Team 1 Syscp 2026-04-16 N/A
PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter.
CVE-2005-3312 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
CVE-2005-3734 1 Phpmyfaq 1 Phpmyfaq 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters.
CVE-2005-2568 1 Syscp Team 1 Syscp 2026-04-16 N/A
Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function.
CVE-2005-3313 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).
CVE-2005-3735 1 Coastal Data Management 1 E-quick Cart 2026-04-16 N/A
Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp.
CVE-2005-2570 1 Funkboard 1 Funkboard 2026-04-16 N/A
FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message.
CVE-2005-3319 1 Php 1 Php 2026-04-16 N/A
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
CVE-2005-3737 1 Inkscape 1 Inkscape 2026-04-16 N/A
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.
CVE-2005-2571 1 Funkboard 1 Funkboard 2026-04-16 N/A
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.
CVE-2005-3320 1 Siteturn 1 Domain Manager Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
CVE-2005-3743 1 Simplepoll 1 Simplepoll 2026-04-16 N/A
SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.
CVE-2005-2573 2 Mysql, Oracle 2 Mysql, Mysql 2026-04-16 N/A
The mysql_create_function function in sql_udf.cc for MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta, when running on Windows, uses an incomplete blacklist in a directory traversal check, which allows attackers to include arbitrary files via the backslash (\) character.
CVE-2005-3321 2 Novell, Suse 2 Suse Linux, Suse Linux 2026-04-16 N/A
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
CVE-2005-2574 1 Xmb Forum 1 Xmb 2026-04-16 N/A
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as _SERVER[REMOTE_ADDR].
CVE-2005-3322 2 Squid, Suse 2 Squid, Suse Linux 2026-04-16 N/A
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
CVE-2005-3745 2 Apache, Redhat 2 Struts, Rhel Application Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message.