Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4041 | 1 Mr. Cgi Guy | 2 Hot Links Pro, Hot Links Sql | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | |||||
| CVE-2005-4004 | 1 Infinetsoftware | 1 Mytemplatesite | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4001 | 1 Phpyellow | 2 Phpyellowtm Lite, Phpyellowtm Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. | |||||
| CVE-2005-3993 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2011-03-08 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | |||||
| CVE-2005-3989 | 1 Avaya | 1 Tn2602ap Ip Media Resource 320 Circuit Pack | 2011-03-08 | 7.8 HIGH | N/A |
| Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | |||||
| CVE-2005-3988 | 1 Pineapple Technologies | 1 Lore | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3868 | 1 Turn-k | 1 K-search | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. | |||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-4264 | 1 Triangle Solutions | 1 Php Support Tickets | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id parameter. | |||||
| CVE-2005-4042 | 1 Mr. Cgi Guy | 1 Warm Links | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi. | |||||
| CVE-2005-4262 | 1 Envolution | 1 Envolution | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to inject arbitrary web script or HTML via the (1) startrow and (2) catid parameter. NOTE: this issue might be resultant from the SQL injection problem (CVE-2005-4263). | |||||
| CVE-2005-3865 | 1 Scripts-templates | 1 Allweb Search | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2005-3864 | 1 Berlios | 1 Sourcewell | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. | |||||
| CVE-2005-3978 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php. | |||||
| CVE-2005-3977 | 1 Qualityebiz | 1 Qualityppc | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. | |||||
| CVE-2005-3972 | 1 Extreme Corporate | 1 Extreme Search | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-3970 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-4255 | 1 Wikkawiki | 1 Wikkawiki | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded phrase parameter. | |||||
| CVE-2005-3967 | 1 Atlassian | 1 Confluence | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | |||||
| CVE-2005-4254 | 1 Dreamlevels | 1 Dream Poll | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3966 | 1 Java Search Engine | 1 Java Search Engine | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-3950 | 1 Nufw | 1 Nufw | 2011-03-08 | 6.8 MEDIUM | N/A |
| nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. | |||||
| CVE-2005-4252 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. | |||||
| CVE-2005-3944 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. | |||||
| CVE-2005-4251 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album parameter to index.php. | |||||
| CVE-2005-4250 | 1 Mcgallery | 1 Mcgallery Pro | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. | |||||
| CVE-2005-4248 | 1 Quickpaypro | 1 Quickpaypro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. | |||||
| CVE-2005-3943 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. | |||||
| CVE-2005-4245 | 1 Snipegallery | 1 Snipe Gallery | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | |||||
| CVE-2005-4244 | 1 Snipegallery | 1 Snipe Gallery | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. | |||||
| CVE-2005-4243 | 1 Quickpaypro | 1 Quickpaypro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid parameter in subscribers.tracking.edit.php; (6) delete parameter in design.php; (7) trackingid parameter in tracking.details.php; and (8) customerid parameter in sales.view.php. | |||||
| CVE-2005-4242 | 1 Horde | 1 Turba H3 | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. | |||||
| CVE-2005-4241 | 1 Vcd-db | 1 Vcd-db | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter. | |||||
| CVE-2005-4239 | 1 Php Jackknife | 1 Php Jackknife | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. | |||||
| CVE-2005-3942 | 1 Greywyvern | 1 Orca Knowledgebase | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. | |||||
| CVE-2005-3941 | 1 Greywyvern | 1 Orca Blog | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
| CVE-2005-4238 | 1 Mantis | 1 Mantis | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. | |||||
| CVE-2005-3940 | 1 Greywyvern | 1 Orca Ringmaker | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-4237 | 1 Servers-r-us | 1 Mysqlauction | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module. | |||||
| CVE-2005-4236 | 1 Cartkeeper | 1 Ckgold Shopping Cart | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters. | |||||
| CVE-2005-4235 | 1 Whmcompletesolution | 1 Whmcompletesolution | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters. | |||||
| CVE-2005-4234 | 1 Powerdev | 1 Encapsgallery | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3933 | 1 88script | 1 88script Event Calendar | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2005-3932 | 1 O-kiraku Nikki | 1 O-kiraku Nikki | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. | |||||
| CVE-2005-3925 | 1 Helpdesk Issue Manager | 1 Helpdesk Issue Manager | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | |||||
| CVE-2005-4231 | 1 Php Web Scripts | 1 Link Up Gold | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] parameter to search.php in a search_links_advanced action, and the (3) direction or (4) sort parameter to articles.php. | |||||
| CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
| CVE-2005-3924 | 1 Randshop | 1 Randshop | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. | |||||