Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3907 1 Sun 2 Jdk, Jre 2026-04-16 N/A
Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets.
CVE-2005-3910 1 Post Affiliate Pro 1 Post Affiliate Pro 2026-04-16 N/A
merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with magic_quotes_gpc disabled, allows remote attackers to include arbitrary local files via the md parameter, possibly due to a directory traversal vulnerability.
CVE-2005-3913 1 Vchs 1 Vchs 2026-04-16 N/A
Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users.
CVE-2005-3918 1 Ovbb 1 Ovbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.
CVE-2005-3924 1 Randshop 1 Randshop 2026-04-16 N/A
SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.
CVE-2005-4039 1 Web4future 1 Portal Solutions 2026-04-16 N/A
Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.
CVE-2005-3942 1 Greywyvern 1 Orca Knowledgebase 2026-04-16 N/A
SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter.
CVE-2005-4041 1 Mr. Cgi Guy 2 Hot Links Pro, Hot Links Sql 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string.
CVE-2006-0670 1 Bluez Project 1 Hcidump 2026-04-16 N/A
Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
CVE-2005-3952 1 Php Labs 1 Top Auction 2026-04-16 N/A
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a disclosure reported the affected version as 1.0.
CVE-2005-3953 1 Bedeng Psp 1 Bedeng Psp 2026-04-16 N/A
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php.
CVE-2005-4042 1 Mr. Cgi Guy 1 Warm Links 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.
CVE-2006-0675 1 Glen Campbell 1 Siteframe 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in Siteframe 5.0.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
CVE-2005-3956 1 Dmanews 1 Dmanews 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action.
CVE-2005-4043 1 Hobosworld 1 Hobsr 2026-04-16 N/A
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters.
CVE-2006-0678 1 Postgresql 1 Postgresql 2026-04-16 N/A
PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before 8.0.7, and 8.1.x before 8.1.3, when compiled with Asserts enabled, allows local users to cause a denial of service (server crash) via a crafted SET SESSION AUTHORIZATION command, a different vulnerability than CVE-2006-0553.
CVE-2005-4052 1 E107 1 E107 2026-04-16 N/A
e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site.
CVE-2005-3958 1 Entergal Mx 1 Entergal Mx 2026-04-16 N/A
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter.
CVE-2005-4058 1 Saralblog 1 Saralblog 2026-04-16 N/A
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php.
CVE-2005-3959 1 Freewebstat 1 Freewebstat 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php.