ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-4294 | 1 Alkacon | 1 Opencms | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. | ||||
| CVE-2005-4296 | 1 Appserv Open Project | 1 Appserv | 2026-04-16 | N/A |
| AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request. | ||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2026-04-16 | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | ||||
| CVE-2005-4318 | 1 Limbo Cms | 1 Limbo Cms | 2026-04-16 | N/A |
| SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off, allows remote attackers to execute arbitrary SQL commands via the _SERVER[REMOTE_ADDR] parameter, which modifies the underlying $_SERVER variable. | ||||
| CVE-2005-4327 | 1 Webcal | 1 Webcal | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote attackers to inject arbitrary web script or HTML via the (1) function, (2) year, and (3) date parameters to webcal.cgi, (4) new calendar entries, and (5) notes for entries. | ||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2026-04-16 | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | ||||
| CVE-2005-4342 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability." | ||||
| CVE-2005-4346 | 1 Anthony Boyd | 1 Phpbb Blog | 2026-04-16 | N/A |
| Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error. | ||||
| CVE-2005-4389 | 1 Contens | 1 Contens | 2026-04-16 | N/A |
| search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters. | ||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2026-04-16 | N/A |
| NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product. | ||||
| CVE-2005-4401 | 1 Lutece | 1 Lutece | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter. | ||||
| CVE-2004-1357 | 1 Sun | 1 Solaris | 2026-04-16 | N/A |
| The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. | ||||
| CVE-2004-1375 | 1 Hp | 1 Hp-ux | 2026-04-16 | N/A |
| Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. | ||||
| CVE-2004-1402 | 1 Iwebnegar | 1 Iwebnegar | 2026-04-16 | N/A |
| SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page. | ||||
| CVE-2004-1450 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. | ||||
| CVE-2002-1828 | 1 Savant | 1 Savant Webserver | 2026-04-16 | N/A |
| Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value. | ||||
| CVE-2002-1838 | 1 Steve Sachs | 1 Charities.cron | 2026-04-16 | N/A |
| Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbitrary files via a symlink attack on temporary files. | ||||
| CVE-2004-1589 | 1 Gosmart | 1 Gosmart Message Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. | ||||
| CVE-2004-1632 | 1 Moniwiki | 1 Moniwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php. | ||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2026-04-16 | N/A |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. | ||||