Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4055 1 Cars Portal 1 Cars Portal 2026-04-16 N/A
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.
CVE-2005-4056 1 Jonathan Beckett 1 Pluggedout Nexus 2026-04-16 N/A
SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters.
CVE-2005-4062 1 Xcent 1 Xcclassified 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2005-4065 1 Edgewall Software 1 Trac 2026-04-16 N/A
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2005-4084 1 Phpbb Styles 1 Phpbb Extreme Styles 2026-04-16 N/A
xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.
CVE-2005-4082 1 Qnx 1 Qnx 2026-04-16 N/A
The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks.
CVE-2005-4081 1 Alisveristr 1 Alisveristr E-commerce 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages.
CVE-2005-4095 1 Docebolms 1 Docebolms 2026-04-16 N/A
Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command.
CVE-2005-4148 1 Lyris Technologies Inc 1 Listmanager 2026-04-16 N/A
Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page and reading the env variable from the resulting error message page.
CVE-2005-4150 1 Broadcom 1 Cleverpath Portal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.
CVE-2005-4146 1 Lyris Technologies Inc 1 Listmanager 2026-04-16 N/A
Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
CVE-2005-4156 1 Mambo 1 Mambo Open Source 4.5 2026-04-16 N/A
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
CVE-2005-4157 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.
CVE-2005-4168 1 Efiction Project 1 Efiction 2026-04-16 N/A
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username.
CVE-2005-4169 1 Efiction Project 1 Efiction 2026-04-16 N/A
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.
CVE-2005-4172 1 Efiction Project 1 Efiction 2026-04-16 N/A
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.
CVE-2005-4173 1 Efiction Project 1 Efiction 2026-04-16 N/A
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
CVE-2005-4176 1 Award 1 Award Bios Modular 2026-04-16 N/A
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
CVE-2005-4193 1 Usebb 1 Usebb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.
CVE-2005-4194 1 Innovateware 1 Sights N Sounds Streaming Media Server 2026-04-16 N/A
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.