Search Results (366811 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-0641 1 Broadcom 1 Unicenter Asset Management 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
CVE-2005-0642 1 Broadcom 1 Unicenter Asset Management 2026-04-16 N/A
SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.
CVE-2005-0643 1 Mcafee 1 Antivirus Engine 2026-04-16 N/A
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.
CVE-2005-0644 1 Mcafee 1 Antivirus Engine 2026-04-16 N/A
Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.
CVE-2005-0653 1 Phpmyadmin 1 Phpmyadmin 2026-04-16 N/A
phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.
CVE-2005-0645 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.
CVE-2005-0646 1 Php Arena 1 Panews 2026-04-16 N/A
SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.
CVE-2005-0647 1 Php Arena 1 Panews 2026-04-16 N/A
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
CVE-2005-0648 1 Pixel-apes Group 1 Safehtml 2026-04-16 N/A
Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."
CVE-2005-0649 1 Pixel-apes Group 1 Safehtml 2026-04-16 N/A
Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."
CVE-2005-0650 1 Projectbb 1 Projectbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section.
CVE-2005-0651 1 Projectbb 1 Projectbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section.
CVE-2005-0652 1 Hp 1 Openvms 2026-04-16 N/A
Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.
CVE-2005-0663 1 Mercuryboard 1 Mercuryboard 2026-04-16 N/A
SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter.
CVE-2005-0654 1 Gimp 1 Gimp 2026-04-16 N/A
gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero.
CVE-2005-0655 1 Arif Supriyanto 1 Auracms 2026-04-16 N/A
auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.
CVE-2005-0656 1 Arif Supriyanto 1 Auracms 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php.
CVE-2005-0657 1 Computalynx 1 Cproxy 2026-04-16 N/A
Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP request.
CVE-2005-0658 1 Cmw Linklist 1 Cmw Linklist 2026-04-16 N/A
SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.
CVE-2005-0659 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.