Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4269 1 Microsoft 3 Ie, Windows 2003 Server, Windows Xp 2026-04-16 N/A
mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
CVE-2005-4271 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.
CVE-2005-4274 1 Businessobjects 1 Webintelligence 2026-04-16 N/A
Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause a denial of service (user account lock out) via unknown attack vectors related to "authentication mechanisms" and "form input."
CVE-2005-4275 1 Scientific Atlanta 1 Dpx2100 Cable Modem 2026-04-16 N/A
Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information.
CVE-2005-4276 1 Westell 1 Versalink 2026-04-16 N/A
Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information.
CVE-1999-1379 1 Dnstools Software 1 Dnstools 2026-04-16 N/A
DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
CVE-2005-4278 1 Larry Wall 1 Perl 2026-04-16 N/A
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVE-2005-4279 1 Gentoo 1 Qt-unixodbc 2026-04-16 N/A
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
CVE-2005-4285 1 Dick Copits 1 Pdestore 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters.
CVE-2005-4291 1 Ectools 1 Ectools Onlineshop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters.
CVE-1999-1384 1 Sgi 1 Irix 2026-04-16 N/A
Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.
CVE-2005-4293 1 Kryptronic 1 Clickcartpro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter.
CVE-2005-4294 1 Alkacon 1 Opencms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page.
CVE-2005-4295 1 Xigla 1 Absolute Image Gallery Xe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2005-4297 1 Bbboard 1 Bbboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter.
CVE-2005-4299 1 Atlantpro.com 1 Atlant Pro 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters.
CVE-2005-4303 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter.
CVE-2005-4304 1 Indexcor 1 Ezdatabase 2026-04-16 N/A
index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments.
CVE-2005-4305 1 Edgewall Software 1 Trac 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly sanitized before it is returned in an error page.
CVE-2005-4317 1 Limbo Cms 1 Limbo Cms 2026-04-16 N/A
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.