Total
29617 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4525 | 1 Sygate Technologies | 1 Protection Agent | 2025-04-03 | N/A |
| SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch. | ||||
| CVE-2005-4526 | 1 Clearswift | 1 Mimesweeper For Web | 2025-04-03 | N/A |
| Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file. | ||||
| CVE-2005-4527 | 1 Direct News | 1 Direct News | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters. | ||||
| CVE-2005-4528 | 1 Chatspot | 1 Chatspot | 2025-04-03 | N/A |
| SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-4529 | 1 Chatspot | 1 Chatspot | 2025-04-03 | N/A |
| The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors. | ||||
| CVE-2005-4530 | 1 Alstrasoft | 1 Epay | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm. | ||||
| CVE-2005-4546 | 1 Epic Designs | 1 Eggblog | 2025-04-03 | N/A |
| search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. | ||||
| CVE-2005-4548 | 1 Rws | 1 Statistics Counter | 2025-04-03 | N/A |
| SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-4549 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article. | ||||
| CVE-2005-4550 | 1 Oracle | 1 Application Server Discussion Forum Portlet | 2025-04-03 | N/A |
| The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00). | ||||
| CVE-2005-4551 | 1 Simpbook | 1 Simpbook | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php. | ||||
| CVE-2005-4552 | 1 Sun | 1 Solaris Pc Netlink | 2025-04-03 | N/A |
| The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. | ||||
| CVE-2005-4553 | 1 Kmint21 Software | 1 Golden Ftp Server | 2025-04-03 | N/A |
| Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2006-0651 | 1 Vwdev | 1 Vwdev | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | ||||
| CVE-2005-4572 | 1 Myezshop | 1 Myezshop Shopping Cart | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2005-4574 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter. | ||||
| CVE-2005-4575 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-03 | N/A |
| PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message. | ||||
| CVE-2005-4576 | 1 Fatwire | 1 Updateengine | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters. | ||||
| CVE-2005-4578 | 1 Hitachi | 1 Business Logic | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | ||||
| CVE-2005-4579 | 1 Hitachi | 1 Business Logic | 2025-04-03 | N/A |
| Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form. | ||||