Export limit exceeded: 29922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29922 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4659 | 1 Ipcop | 1 Ipcop | 2025-04-03 | N/A |
| IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. | ||||
| CVE-2005-4660 | 1 Ipcop | 1 Ipcop | 2025-04-03 | N/A |
| Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. | ||||
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2025-04-03 | N/A |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | ||||
| CVE-2005-4663 | 1 Ocomon | 1 Ocomon | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2005-4664 | 1 Ocomon | 1 Ocomon | 2025-04-03 | N/A |
| SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | ||||
| CVE-2005-4665 | 1 Punbb | 1 Punbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. | ||||
| CVE-2005-4666 | 1 Phlymail | 1 Phlymail | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. | ||||
| CVE-2005-4668 | 1 Parosproxy | 1 Parosproxy | 2025-04-03 | N/A |
| The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. | ||||
| CVE-2005-4669 | 1 Rt Internet Solutions | 1 Rt Internet Solutions Webadmin | 2025-04-03 | N/A |
| SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. | ||||
| CVE-2005-4670 | 1 Citypost | 1 Php Lnkx | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | ||||
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | ||||
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | ||||
| CVE-2005-4673 | 1 Inicom Networks | 1 Ioftpd | 2025-04-03 | N/A |
| ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames. | ||||
| CVE-2005-4674 | 1 Complete Php Counter | 1 Complete Php Counter | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. | ||||
| CVE-2005-4675 | 1 Complete Php Counter | 1 Complete Php Counter | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. | ||||
| CVE-2005-4676 | 1 Andreas Huggel | 1 Exiv2 | 2025-04-03 | N/A |
| Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata. | ||||
| CVE-2005-4677 | 1 Oscommerce | 1 Oscommerce | 2025-04-03 | N/A |
| SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. | ||||
| CVE-2005-4678 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4679 | 1 Microsoft | 1 Ie | 2025-04-03 | N/A |
| Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site. | ||||
| CVE-2005-4680 | 1 Sophos | 1 Sophos Anti-virus | 2025-04-03 | N/A |
| Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned. | ||||