Search Results (366256 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3770 1 Phppost 1 Phppost 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php.
CVE-2005-3123 1 Gnu 1 Gnump3d 2026-04-16 N/A
Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.
CVE-2005-3776 1 Mybulletinboard 1 Mybulletinboard 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a new thread and (2) information passed to the Reputation system.
CVE-2005-3782 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.
CVE-2005-3783 1 Linux 1 Linux Kernel 2026-04-16 N/A
The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash).
CVE-2005-3787 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title parameter and (3) the table creation dialog.
CVE-2005-3796 1 Alstrasoft 1 Affiliate Network Pro 2026-04-16 N/A
Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability.
CVE-2005-3798 1 Alstrasoft 1 Template Seller 2026-04-16 N/A
SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2005-3799 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
CVE-2006-0645 2 Free Software Foundation Inc., Redhat 2 Libtasn1, Enterprise Linux 2026-04-16 N/A
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test suite.
CVE-2005-3800 1 Macromedia 1 Contribute Publishing Server 2026-04-16 N/A
Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information.
CVE-2005-3801 1 Counterpane 1 Passwordsafe 2026-04-16 N/A
CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF) function, which reduces the search time in brute force attacks.
CVE-2005-3813 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2026-04-16 N/A
IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent mailbox, a different vulnerability than CVE-2005-3690.
CVE-2005-3816 1 Zoneo-soft 1 Freeforum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode.
CVE-2006-0650 1 Cpaint 1 Cpaint 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
CVE-2005-3822 1 Vtiger 1 Vtiger Crm 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
CVE-2005-3828 1 Activecampaign 1 Knowledgebuilder 2026-04-16 N/A
SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.
CVE-2005-3829 1 Activecampaign 1 Knowledgebuilder 2026-04-16 N/A
index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed.
CVE-2005-3833 1 Tunez 1 Tunez 2026-04-16 N/A
SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.
CVE-2005-3835 1 Desklance 1 Desklance 2026-04-16 N/A
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.