Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4374 1 Allinta 1 Allinta 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp.
CVE-2005-4384 1 Citysoft 1 Community Enterprise 2026-04-16 N/A
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
CVE-2005-4407 1 Tmc Visionpool 1 Mercury Cms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters.
CVE-2005-4409 1 Mmbase 1 Mmbase 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2006-4380 2 Mysql, Redhat 2 Mysql, Enterprise Linux 2026-04-16 N/A
MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects.
CVE-2005-4416 1 Tml 1 Tml 2026-04-16 N/A
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2005-4418 1 Vserver 1 Util-vserver 2026-04-16 N/A
util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.
CVE-2005-4803 1 Graphviz 1 Graphviz 2026-04-16 N/A
graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. NOTE: this issue was originally associated with a different CVE identifier, CVE-2005-2965, which had been used for multiple different issues. This is the correct identifier.
CVE-2005-4804 1 Sun 1 Java System Application Server 2026-04-16 N/A
Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.
CVE-2005-4811 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function.
CVE-2005-4819 1 Ibm 1 Lotus Domino 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2005-4826 1 Cisco 1 Ios 2026-04-16 N/A
Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.
CVE-2006-0162 1 Clam Anti-virus 1 Clamav 2026-04-16 N/A
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
CVE-2006-0163 1 Francisco Burzi 1 Php-nuke Ev 2026-04-16 N/A
SQL injection vulnerability in the search module (modules/Search/index.php) of PHPNuke EV 7.7 -R1 allows remote attackers to execute arbitrary SQL commands via the query parameter, which is used by the search field. NOTE: This is a different vulnerability than CVE-2005-3792.
CVE-2005-1520 1 Gnu 1 Mailutils 2026-04-16 N/A
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
CVE-2006-0185 1 Php-nuke 2 News Module, Pool Module 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.
CVE-2006-4536 1 Cms Frogss 1 Cms Frogss 2026-04-16 N/A
SQL injection vulnerability in module/rejestracja.php in CMS Frogss 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the podpis parameter.
CVE-2006-4540 1 Learn.com 1 Learncenter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in learncenter.asp in Learn.com LearnCenter allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2006-4546 1 Lyris 1 List Manager 2026-04-16 N/A
Lyris ListManager 8.95 allows remote authenticated users, who have administrative privileges for at least one list on the server, to add new administrators to any list via a modified MEMBERS_.List_ parameter.
CVE-2006-0216 1 Qualityebiz 1 Quality Ppc 2026-04-16 N/A
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.