Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-4792 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-1651 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
CVE-2004-1652 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
CVE-2005-0221 1 Gallery Project 1 Gallery 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field.
CVE-2005-4440 1 Vlan Protocol 1 Vlan Protocol 2026-04-16 N/A
The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traffic via a message with two 802.1q tags, which causes the second tag to be redirected from a downstream switch after the first tag has been stripped, as demonstrated by Yersinia, aka "double-tagging VLAN jumping attack."
CVE-2005-3199 1 Aspready Faq Manager 1 Aspready Faq Manager 2026-04-16 N/A
Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters.
CVE-2005-3200 1 Utopia Software 1 Utopia News Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php.
CVE-2005-3204 1 Oracle 2 Application Server, Oracle9i 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request.
CVE-2005-4446 1 Aspbite 1 Aspbite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter.
CVE-2004-1668 1 Easyweb 1 Factory Subjects Module 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.
CVE-2005-3208 1 Aenovo 3 Aenovo, Aenovoshop, Aenovowysi 2026-04-16 N/A
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
CVE-2006-2704 1 Secure Elements 1 C5 Enterprise Vulnerability Management 2026-04-16 N/A
Secure Elements Class 5 AVR server and client (aka C5 EVM) before 2.8.1 send messages in cleartext, which allows remote attackers to read sensitive vulnerability information.
CVE-2004-1687 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
CVE-2004-1691 1 Rhinosoft 1 Dns4me 2026-04-16 N/A
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
CVE-2005-4453 1 Ultraapps 1 Ultraapps Issue Manager 2026-04-16 N/A
UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain administrator privileges by modifying the original (1) p_User_user_id and (2) User_user_id parameters to UserProfile.aspx, then modifying the password field.
CVE-2004-1770 1 Cpanel 1 Cpanel 2026-04-16 N/A
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
CVE-2005-3223 1 Rising 1 Rising Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Rising Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3230 1 Panda 1 Activescan 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3232 1 Thehacker 1 Thehacker 2026-04-16 N/A
Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
CVE-2005-3233 1 Trustix 1 Antivirus 2026-04-16 N/A
Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.