Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3638 1 Ekinboard 1 Ekinboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in profile.php and (2) titles of posts.
CVE-2005-3649 1 Moodle 1 Moodle 2026-04-16 N/A
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
CVE-2005-3657 1 Mcafee 2 Mcinsctl.dll, Virusscan Security Center 2026-04-16 N/A
The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security Center does not use the IObjectSafetySiteLock API to restrict access to required domains, which allows remote attackers to create or append to arbitrary files via the StartLog and AddLog methods in the MCINSTALL.McLog object.
CVE-2005-3665 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation.
CVE-2005-4303 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
CVE-2005-4309 1 Scriptscenter 1 Ezupload Pro 2026-04-16 N/A
SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters.
CVE-2005-4312 1 Almondsoft 1 Almond Classifieds 2026-04-16 N/A
SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4314 1 Ppcal Shopping Cart 1 Ppcal Shopping Cart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters.
CVE-2005-4324 1 Hitachi 1 Groupmax Mail Smtp 2026-04-16 N/A
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."
CVE-2005-4331 1 Ihtml Merchant 1 Ihtml Merchant 2026-04-16 N/A
SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.
CVE-2005-4341 1 Blackboard 1 Academic Suite 2026-04-16 N/A
Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.
CVE-2005-4356 1 Xmpie 1 Ustore 2026-04-16 N/A
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4358 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
CVE-2005-4359 1 Oodie 1 Odfaq 2026-04-16 N/A
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
CVE-2005-4355 1 Xmpie 1 Ustore 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4363 1 Komodo 1 Komodo Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2005-4367 1 Fad Solutions 1 Drzes Hms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4.
CVE-2005-4377 1 Nma 1 Baseline Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.
CVE-2005-4375 1 Box Uk 1 Amaxus 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376.
CVE-2005-4376 1 Box Uk 1 Amaxus 2026-04-16 N/A
Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter.