Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4156 1 Mambo 1 Mambo Open Source 4.5 2026-04-16 N/A
Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query string that ends with a NULL character.
CVE-2005-4157 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.
CVE-2005-4168 1 Efiction Project 1 Efiction 2026-04-16 N/A
Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the let parameter in a viewlist action to titles.php and (2) the username.
CVE-2005-4169 1 Efiction Project 1 Efiction 2026-04-16 N/A
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php.
CVE-2005-4172 1 Efiction Project 1 Efiction 2026-04-16 N/A
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message.
CVE-2005-4173 1 Efiction Project 1 Efiction 2026-04-16 N/A
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function.
CVE-2005-4176 1 Award 1 Award Bios Modular 2026-04-16 N/A
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
CVE-2005-4193 1 Usebb 1 Usebb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable.
CVE-2005-4194 1 Innovateware 1 Sights N Sounds Streaming Media Server 2026-04-16 N/A
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.
CVE-2005-4201 1 Showalbumonline 1 My Album Online 2026-04-16 N/A
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.
CVE-2005-4208 1 Flatnuke 1 Flatnuke 2026-04-16 N/A
Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.
CVE-2005-4222 1 Lars Ellingsen 1 Guestserver 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified message fields.
CVE-2005-4221 1 Arab Portal 1 Arab Portal 2026-04-16 N/A
SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID (session ID) or (2) REQUEST_URI (query string).
CVE-2005-4236 1 Cartkeeper 1 Ckgold Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2005-4238 1 Mantis 1 Mantis 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.
CVE-2005-4239 1 Php Jackknife 1 Php Jackknife 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter.
CVE-2005-4235 1 Whmcompletesolution 1 Whmcompletesolution 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.
CVE-2005-4249 1 Adp 1 Adp Forum 2026-04-16 N/A
ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via requests to the forum/users directory.
CVE-2005-4255 1 Wikkawiki 1 Wikkawiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter.
CVE-2005-4257 1 Linksys 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more 2026-04-16 N/A
Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID.