Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-3935 | 1 Socketkb | 1 Socketkb | 2025-04-03 | N/A |
| SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. | ||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | ||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2025-04-03 | N/A |
| SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-3987 | 1 Tradesoft | 1 Tradesoft Cms | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | ||||
| CVE-2005-3989 | 1 Avaya | 1 Tn2602ap Ip Media Resource 320 Circuit Pack | 2025-04-03 | N/A |
| Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | ||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2025-04-03 | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | ||||
| CVE-2005-4004 | 1 Infinetsoftware | 1 Mytemplatesite | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | ||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2025-04-03 | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | ||||
| CVE-2005-4014 | 1 Php Web | 1 Statistik | 2025-04-03 | N/A |
| stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value. | ||||
| CVE-2005-4015 | 1 Php Web | 1 Statistik | 2025-04-03 | N/A |
| PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php. | ||||
| CVE-2005-4016 | 1 Widget Press | 1 Widget Property | 2025-04-03 | N/A |
| SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | ||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2025-04-03 | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | ||||
| CVE-2005-4022 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag. | ||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2025-04-03 | N/A |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | ||||
| CVE-2005-4024 | 1 Interspire | 1 Fastfind | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | ||||
| CVE-2005-4026 | 1 Geeklog | 1 Geeklog | 2025-04-03 | N/A |
| search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message. | ||||
| CVE-2005-4035 | 1 Web4future | 1 Web4future Ecommerce | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to index.php. | ||||
| CVE-2005-4037 | 1 Web4future | 1 Affiliate Manager Professional | 2025-04-03 | N/A |
| SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. | ||||
| CVE-2005-4043 | 1 Hobosworld | 1 Hobsr | 2025-04-03 | N/A |
| SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. | ||||
| CVE-2005-4054 | 1 Pluggedout | 1 Pluggedout Blog | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter. | ||||