Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4331 | 1 Ihtml Merchant | 1 Ihtml Merchant | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters. | |||||
| CVE-2005-4365 | 1 Flip | 1 Flip | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in forum.php. | |||||
| CVE-2005-4369 | 1 The Collective | 1 Acuity Cms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. | |||||
| CVE-2005-4372 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-4374 | 1 Allinta | 1 Allinta | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp. | |||||
| CVE-2005-4375 | 1 Box Uk | 1 Amaxus | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. | |||||
| CVE-2005-4377 | 1 Nma | 1 Baseline Cms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters. | |||||
| CVE-2005-4378 | 1 Nma | 1 Baseline Cms | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. | |||||
| CVE-2005-4381 | 1 Caravel Cms | 1 Caravel Cms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters. | |||||
| CVE-2005-3940 | 1 Greywyvern | 1 Orca Ringmaker | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-3828 | 1 Activecampaign | 1 Knowledgebuilder | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
| CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | |||||
| CVE-2005-4314 | 1 Ppcal Shopping Cart | 1 Ppcal Shopping Cart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters. | |||||
| CVE-2005-4312 | 1 Almondsoft | 1 Almond Classifieds | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4311 | 1 Dcscripts | 2 Dcforum, Dcforum\+ | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, allows remote attackers to inject arbitrary web script or HTML via (1) the page parameter in dcboard.php and (2) unspecified search parameters. | |||||
| CVE-2005-4310 | 1 Ssh | 1 Tectia Server | 2011-03-08 | 7.5 HIGH | N/A |
| SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to log in with the wrong credentials. | |||||
| CVE-2005-4307 | 1 Jonathan Bravata | 1 Scarecrow | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi. | |||||
| CVE-2005-4306 | 1 Focalmedia.net | 1 Sitenet Bbs | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pg, (2) tid, (3) cid, and (4) fid parameters to netboardr.cgi, or (5) cid parameter to search.cgi. | |||||
| CVE-2005-4301 | 1 Phpxplorer | 1 Phpxplorer | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the address bar field. | |||||
| CVE-2005-4299 | 1 Atlantpro.com | 1 Atlant Pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) before and (2) ct parameters. | |||||
| CVE-2005-4298 | 1 Atlantpro.com | 1 Atlantforum | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) sch_allsubct, (2) before, and (3) ct parameters. | |||||
| CVE-2005-4297 | 1 Bbboard | 1 Bbboard | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly via the "keys" parameter. | |||||
| CVE-2005-4295 | 1 Xigla | 1 Absolute Image Gallery Xe | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to inject arbitrary web script or HTML via the text parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4294 | 1 Alkacon | 1 Opencms | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page. | |||||
| CVE-2005-4293 | 1 Kryptronic | 1 Clickcartpro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the affl parameter. | |||||
| CVE-2005-4292 | 1 Internet Express Products | 1 Commercesql | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature. | |||||
| CVE-2005-4291 | 1 Ectools | 1 Ectools Onlineshop | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) product, (2) category, and (3) uid parameters. | |||||
| CVE-2005-4290 | 1 Soft4e | 1 Ecw-cart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) kword, (2) max, (3) min, (4) comp, and (5) f parameters. | |||||
| CVE-2005-4286 | 1 Phplogcon | 1 Phplogcon | 2011-03-08 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving "'smart' values for userid and password," probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php. | |||||
| CVE-2005-4285 | 1 Dick Copits | 1 Pdestore | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the search module parameter or the (2) product and (3) cart_id parameters. | |||||
| CVE-2005-4302 | 1 Indexcor | 1 Ezdatabase | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attackers to include arbitrary local files via ".." sequences in the p parameter. | |||||
| CVE-2005-4284 | 1 Static Store | 1 Staticstore | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to search.cgi, possibly the keywords parameter. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged. | |||||
| CVE-2005-4283 | 1 Nightmedia | 1 The City Shop | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via parameters to the search module, possibly SKey to store.cgi. | |||||
| CVE-2005-4282 | 1 Zaygo | 1 Domaincart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi. | |||||
| CVE-2005-4281 | 1 Zaygo | 1 Hostingcart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via certain search module parameters, possibly the root parameter to zaygo.cgi. | |||||
| CVE-2005-4280 | 1 Kitware | 1 Cmake | 2011-03-08 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4279 | 1 Gentoo | 1 Qt-unixodbc | 2011-03-08 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4264 | 1 Triangle Solutions | 1 Php Support Tickets | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter. | |||||
| CVE-2005-4262 | 1 Envolution | 1 Envolution | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263). | |||||
| CVE-2005-4255 | 1 Wikkawiki | 1 Wikkawiki | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter. | |||||
| CVE-2005-4254 | 1 Dreamlevels | 1 Dream Poll | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4252 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. | |||||
| CVE-2005-3825 | 1 Comdev | 1 Comdev Vote Caster | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | |||||
| CVE-2005-4251 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php. | |||||
| CVE-2005-4250 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. | |||||
| CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. | |||||
| CVE-2005-4245 | 1 Snipegallery | 1 Snipe Gallery | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | |||||
| CVE-2005-4243 | 1 Quickpaypro | 1 Quickpaypro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | |||||