Search Results (366627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4671 1 Citypost 1 Simple Php Upload 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
CVE-2005-4663 1 Ocomon 1 Ocomon 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2006-4430 1 Cisco 2 Network Admission Control, Network Admission Control Manager And Server System Software 2026-04-16 N/A
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack. NOTE: the vendor has disputed the severity of this issue, stating that users cannot bypass authentication mechanisms.
CVE-2005-4510 1 Extensis 1 Netpublish Server 2026-04-16 N/A
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
CVE-2005-4520 1 Mantis 1 Mantis 2026-04-16 N/A
Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors. NOTE: due to a lack of relevant details in the vendor changelog, which is the source of this description, it is unclear whether this is a duplicate of another CVE.
CVE-2005-4576 1 Fatwire 1 Updateengine 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters.
CVE-2006-4416 1 Ibm 1 Aix 2026-04-16 N/A
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.
CVE-2006-4417 1 Xoops 1 Xoops 2026-04-16 N/A
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
CVE-2005-4595 1 Gentoo 2 Nview, Xnview 2026-04-16 N/A
Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
CVE-2006-4427 1 Efiction 1 Efiction 2026-04-16 N/A
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
CVE-2005-4605 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
CVE-2005-4611 1 Phpfreebies.com 1 Free Clickbank 2026-04-16 N/A
SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter.
CVE-2005-4640 1 Class-1 1 Poll Software 2026-04-16 N/A
SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters.
CVE-2005-4508 1 Nexus Concepts 1 Dev Hound 2026-04-16 N/A
Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path via a URL containing a non-existent .dll file.
CVE-2005-4479 1 Phpslash 1 Phpslash 2026-04-16 N/A
SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to execute arbitrary SQL commands via the story_id parameter.
CVE-2005-4477 1 Papaya 1 Papaya Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter.
CVE-2005-4475 1 Alkacon 1 Opencms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2006-4382 1 Apple 1 Quicktime 2026-04-16 N/A
Multiple buffer overflows in Apple QuickTime before 7.1.3 allow user-assisted remote attackers to execute arbitrary code via a crafted QuickTime movie.
CVE-2006-4381 1 Apple 1 Quicktime 2026-04-16 N/A
Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted H.264 movie.
CVE-2005-4425 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a denial of service (crash) via certain RTSP streams.