CVE-2005-4xxx

There are 887 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2005-4000 Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier a...
E
CVE-2005-4001 Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote...
E
CVE-2005-4002 WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the ...
S
CVE-2005-4003 Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart P...
E
CVE-2005-4004 Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remo...
CVE-2005-4005 SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain...
E
CVE-2005-4006 SAPID CMS before 1.2.3.03 allows remote attackers to bypass authentication via direct requests to th...
S
CVE-2005-4007 Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users...
CVE-2005-4008 SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to exec...
E
CVE-2005-4009 Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote att...
E
CVE-2005-4010 SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute ar...
CVE-2005-4011 SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar (aka PHP Event Calendar) 4.2,...
CVE-2005-4012 Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers...
E S
CVE-2005-4013 PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, ...
S
CVE-2005-4014 stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumpt...
S
CVE-2005-4015 PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which...
S
CVE-2005-4016 SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary S...
CVE-2005-4017 property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an...
CVE-2005-4018 SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allo...
CVE-2005-4019 SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows rem...
CVE-2005-4020 SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attacke...
CVE-2005-4021 The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with i...
CVE-2005-4022 Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2...
S
CVE-2005-4023 Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers ...
S
CVE-2005-4024 Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attacker...
CVE-2005-4025 Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is comple...
E
CVE-2005-4026 search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to ...
CVE-2005-4027 SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL comman...
CVE-2005-4028 Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbi...
E
CVE-2005-4029 WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the Web...
CVE-2005-4030 SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute ar...
S
CVE-2005-4031 Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbi...
S
CVE-2005-4032 Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows ...
E
CVE-2005-4033 Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow t...
S
CVE-2005-4034 Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers t...
E
CVE-2005-4035 Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier al...
E
CVE-2005-4036 Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 al...
CVE-2005-4037 SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier all...
CVE-2005-4038 SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remo...
CVE-2005-4039 Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows re...
E
CVE-2005-4040 SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitr...
CVE-2005-4041 Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Lin...
CVE-2005-4042 Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to ...
CVE-2005-4043 SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers ...
E
CVE-2005-4044 Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier ...
CVE-2005-4045 Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun ...
S
CVE-2005-4046 Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standa...
S
CVE-2005-4047 Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote at...
E
CVE-2005-4048 Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec...
S
CVE-2005-4049 Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrar...
E
CVE-2005-4050 Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows re...
S
CVE-2005-4051 e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to r...
E
CVE-2005-4052 e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter ...
E
CVE-2005-4053 Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary...
CVE-2005-4054 SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attacker...
CVE-2005-4055 SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to e...
CVE-2005-4056 SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute...
CVE-2005-4057 Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attacke...
CVE-2005-4058 SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary ...
CVE-2005-4059 SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers ...
CVE-2005-4060 Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote at...
CVE-2005-4061 Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers...
CVE-2005-4062 Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers...
CVE-2005-4063 Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote a...
CVE-2005-4064 Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL ...
CVE-2005-4065 SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attacke...
E S
CVE-2005-4066 Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which...
CVE-2005-4067 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4031. Reason: This candida...
R
CVE-2005-4068 Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users...
S
CVE-2005-4069 SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissi...
E S
CVE-2005-4070 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3665. Reason: This candida...
R
CVE-2005-4071 Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote ...
CVE-2005-4072 Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remo...
CVE-2005-4073 SQL injection vulnerability in view_archive.cfm in CFMagic Magic List Pro 2.5 allows remote attacker...
CVE-2005-4074 Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is ...
CVE-2005-4075 Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow re...
CVE-2005-4076 Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary cod...
E
CVE-2005-4077 Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to ...
S
CVE-2005-4078 Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote att...
CVE-2005-4079 The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vuln...
CVE-2005-4080 Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows...
E
CVE-2005-4081 Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass au...
E
CVE-2005-4082 The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users...
CVE-2005-4083 Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlie...
CVE-2005-4084 xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain t...
CVE-2005-4085 Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in...
E S
CVE-2005-4086 Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relations...
E
CVE-2005-4087 PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relat...
E
CVE-2005-4088 SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbit...
CVE-2005-4089 Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and...
E
CVE-2005-4090 Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attacker...
CVE-2005-4091 Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attac...
E
CVE-2005-4092 Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0...
CVE-2005-4093 Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows rem...
CVE-2005-4094 connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbit...
E
CVE-2005-4095 Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 all...
E
CVE-2005-4096 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4097 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4098 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4099 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4100 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4101 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4102 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4103 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4104 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4105 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4106 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4107 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4108 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4109 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4110 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4111 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4112 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4113 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4114 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4115 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4116 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4117 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4118 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4119 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4120 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4121 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4122 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4123 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4124 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4126 ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently v...
CVE-2005-4127 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candida...
R
CVE-2005-4128 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candida...
R
CVE-2005-4129 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4092. Reason: This candida...
R
CVE-2005-4130 ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently v...
CVE-2005-4131 Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and ...
S
CVE-2005-4132 Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and...
S
CVE-2005-4133 Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to o...
S
CVE-2005-4134 Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to c...
CVE-2005-4135 Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier all...
E
CVE-2005-4136 Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to in...
E
CVE-2005-4137 SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute a...
E
CVE-2005-4138 Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote atta...
E S
CVE-2005-4139 Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to exec...
E S
CVE-2005-4140 SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers ...
E
CVE-2005-4141 Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL ...
E
CVE-2005-4142 The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination wi...
E S
CVE-2005-4143 SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute...
E S
CVE-2005-4144 Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries ...
S
CVE-2005-4145 The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to ...
S
CVE-2005-4146 Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request ...
S
CVE-2005-4147 The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code ...
E S
CVE-2005-4148 Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the...
E S
CVE-2005-4149 Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causin...
CVE-2005-4150 Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath ...
S
CVE-2005-4151 The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and ea...
E
CVE-2005-4152 Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a...
CVE-2005-4153 Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that ...
S
CVE-2005-4154 Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to exec...
S
CVE-2005-4155 registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via a...
E
CVE-2005-4156 Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, ...
CVE-2005-4157 Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authent...
S
CVE-2005-4158 Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB...
E S
CVE-2005-4159 NOTE: this issue has been disputed by the vendor and third parties. SQL injection vulnerability in M...
CVE-2005-4160 Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read ar...
CVE-2005-4161 Multiple cross-site scripting (XSS) vulnerabilities in MilliScripts 1.4 redirect script allow remote...
CVE-2005-4162 Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attack...
E S
CVE-2005-4163 Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 allows remote attackers to read ...
E
CVE-2005-4164 SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute ar...
CVE-2005-4165 Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to exec...
E
CVE-2005-4166 Cross-site scripting (XSS) vulnerability in password.asp in DUWare DUportal Pro 3.4.3 allows remote ...
E
CVE-2005-4167 Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 allows remote attackers to inject a...
E
CVE-2005-4168 Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 allow remote attackers to execu...
E
CVE-2005-4169 Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary S...
E
CVE-2005-4170 SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL command...
E
CVE-2005-4171 The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to uplo...
E
CVE-2005-4172 eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct requ...
E
CVE-2005-4173 eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpi...
E
CVE-2005-4174 eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct una...
E
CVE-2005-4175 Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system st...
CVE-2005-4176 AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during ...
CVE-2005-4177 Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 all...
E
CVE-2005-4178 Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code ...
S
CVE-2005-4189 Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote ...
S
CVE-2005-4190 Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allo...
S
CVE-2005-4191 Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Na...
S
CVE-2005-4192 Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnem...
E S
CVE-2005-4193 Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbit...
S
CVE-2005-4194 Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows rem...
E
CVE-2005-4195 Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote ...
E
CVE-2005-4196 Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier ...
E
CVE-2005-4197 tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via ...
E
CVE-2005-4198 SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary ...
E
CVE-2005-4199 Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers t...
S
CVE-2005-4200 Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and at...
S
CVE-2005-4201 Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary...
CVE-2005-4202 Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access a...
E
CVE-2005-4203 LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote att...
E
CVE-2005-4204 Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbi...
CVE-2005-4205 Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remo...
E S
CVE-2005-4206 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other ver...
E
CVE-2005-4207 SQL injection vulnerability in BTGrup Admin WebController Script allows remote attackers to execute ...
E
CVE-2005-4208 Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary file...
E
CVE-2005-4209 WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from a...
E
CVE-2005-4210 Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote a...
E S
CVE-2005-4211 PHP remote file inclusion vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attac...
E
CVE-2005-4212 Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers t...
E
CVE-2005-4213 SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary...
E
CVE-2005-4214 phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config...
E
CVE-2005-4215 Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via...
CVE-2005-4216 The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote a...
E
CVE-2005-4217 Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges when using the "$<" variable ...
CVE-2005-4218 SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows remote attackers to execute arbi...
E
CVE-2005-4219 setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information ...
E
CVE-2005-4220 Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of...
CVE-2005-4221 SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 allows remote attackers to ex...
CVE-2005-4222 Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4...
CVE-2005-4223 Multiple "potential" SQL injection vulnerabilities in Utopia News Pro (UNP) 1.1.4 might allow remote...
S
CVE-2005-4224 Multiple "potential" SQL injection vulnerabilities in e107 0.7 might allow remote attackers to execu...
CVE-2005-4225 Multiple "potential" SQL injection vulnerabilities in myBloggie 2.1.3 beta might allow remote attack...
CVE-2005-4226 Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote at...
CVE-2005-4227 Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers ...
CVE-2005-4228 Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to ...
E
CVE-2005-4229 Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remot...
CVE-2005-4230 SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to e...
CVE-2005-4231 Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to ...
CVE-2005-4232 SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attacker...
CVE-2005-4233 SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows rem...
CVE-2005-4234 SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attacker...
E
CVE-2005-4235 Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier...
CVE-2005-4236 Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject a...
CVE-2005-4237 Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to...
CVE-2005-4238 Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier all...
E
CVE-2005-4239 Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earl...
E
CVE-2005-4240 SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to exec...
E
CVE-2005-4241 Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remo...
E
CVE-2005-4242 Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote...
CVE-2005-4243 Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrar...
E
CVE-2005-4244 SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute ar...
E
CVE-2005-4245 Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows rem...
E
CVE-2005-4246 SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitra...
E
CVE-2005-4247 Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote at...
E
CVE-2005-4248 Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inj...
CVE-2005-4249 ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document r...
E
CVE-2005-4250 Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read a...
CVE-2005-4251 Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to ex...
E
CVE-2005-4252 Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to...
CVE-2005-4253 Cross-site scripting (XSS) vulnerability in getdox.php in Torrential 1.2 allows remote attackers to ...
E
CVE-2005-4254 SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote att...
E
CVE-2005-4255 Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki 1.1.6.0 allows remote attackers ...
E
CVE-2005-4256 Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attacker...
E
CVE-2005-4257 Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via...
E
CVE-2005-4258 Unspecified Cisco Catalyst Switches allow remote attackers to cause a denial of service (device cras...
E
CVE-2005-4259 Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote attackers to execute arbitrary SQL ...
E
CVE-2005-4260 Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and later allows remote attackers t...
E
CVE-2005-4261 Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attacker...
S
CVE-2005-4262 Cross-site scripting (XSS) vulnerability in the News module in Envolution allows remote attackers to...
E
CVE-2005-4263 SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbi...
E
CVE-2005-4264 Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attacker...
S
CVE-2005-4265 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4209. Reason: This candida...
R
CVE-2005-4266 WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a ra...
CVE-2005-4267 Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary c...
E
CVE-2005-4268 Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local us...
CVE-2005-4269 mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to c...
CVE-2005-4270 Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arb...
E
CVE-2005-4271 Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary co...
S
CVE-2005-4272 Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary c...
S
CVE-2005-4273 Multiple unspecified vulnerabilities in (1) getShell and (2) getCommand in IBM AIX 5.3 allow local u...
S
CVE-2005-4274 Unspecified vulnerability in Business Objects WebIntelligence 6.5x allows remote attackers to cause ...
CVE-2005-4275 Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device ...
E
CVE-2005-4276 Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP...
CVE-2005-4277 Cross-site scripting (XSS) vulnerability in index.php in toendaCMS before 0.7 Beta allows remote att...
E S
CVE-2005-4278 Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in th...
S
CVE-2005-4279 Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local user...
S
CVE-2005-4280 Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo Linux allows local users in t...
CVE-2005-4281 Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and earlier allows remote attacker...
CVE-2005-4282 Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers...
CVE-2005-4283 Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and earlier allows remote attackers to...
CVE-2005-4284 Cross-site scripting (XSS) vulnerability in StaticStore Search Engine 1.189A and earlier allows remo...
CVE-2005-4285 Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick Copits PDEstore 1.8 and earlier all...
E
CVE-2005-4286 Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profile...
S
CVE-2005-4287 PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute ar...
E
CVE-2005-4288 Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb E-commerce allows remote attacke...
E
CVE-2005-4289 Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to in...
E
CVE-2005-4290 Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 and earlier allows remote att...
E
CVE-2005-4291 Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS Onlineshop 1.0 and earlier allows re...
E
CVE-2005-4292 Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to i...
E
CVE-2005-4293 Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro (CCP) 5.1 and earlier allows ...
E
CVE-2005-4294 Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to ...
S
CVE-2005-4295 Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE 2.x allows remote attackers to...
CVE-2005-4296 AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP req...
E
CVE-2005-4297 Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier allows remote attackers to inje...
CVE-2005-4298 Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum 4.02 and earlier allows remote at...
CVE-2005-4299 Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 and earlier allows remote att...
CVE-2005-4300 Format string vulnerability in the lire_pop function in pop.c in libremail 1.1.0 and earlier, with c...
S
CVE-2005-4301 Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and earlier allows remote attackers to...
CVE-2005-4302 Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and earlier allows remote attacke...
E
CVE-2005-4303 SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to...
CVE-2005-4304 index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information vi...
E
CVE-2005-4305 Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, and 0.9.2 allows remote attack...
CVE-2005-4306 Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 and earlier allow remote atta...
CVE-2005-4307 Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to in...
E
CVE-2005-4308 index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode para...
CVE-2005-4309 SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbit...
E
CVE-2005-4310 SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based authentication only, allows users to...
S
CVE-2005-4311 Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, and possibly DCForum+ 1.x, all...
CVE-2005-4312 SQL injection vulnerability in index.php in AlmondSoft Almond Classifieds 5.02 allows remote attacke...
CVE-2005-4313 SQL injection vulnerability in index.php in AlmondSoft Almond Personals 4.05 allows remote attackers...
CVE-2005-4314 Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allow...
E
CVE-2005-4315 SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to ...
CVE-2005-4316 HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service vi...
S
CVE-2005-4317 Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable fro...
E S
CVE-2005-4318 SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and earlier, with register_globals off...
E S
CVE-2005-4319 Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 and earlier allows remote attac...
E S
CVE-2005-4320 Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the installation path of the applica...
E S
CVE-2005-4321 The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlie...
S
CVE-2005-4322 Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Cosminexus Collaboration Portal 06-00...
S
CVE-2005-4323 Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupma...
S
CVE-2005-4324 Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to...
S
CVE-2005-4325 Multiple unspecified vulnerabilities in Driverse before 0.56b have unknown impact and attack vectors...
S
CVE-2005-4326 The web interface for American Power Conversion (APC) PowerChute Network Shutdown performs all commu...
CVE-2005-4327 Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt WebCal 1.11-3.04 allow remote a...
E
CVE-2005-4328 Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows r...
E
CVE-2005-4329 SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier a...
E
CVE-2005-4330 SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execut...
E
CVE-2005-4331 SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attacker...
E
CVE-2005-4332 Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass a...
CVE-2005-4333 Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier a...
E
CVE-2005-4334 SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL comman...
E
CVE-2005-4335 ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a cr...
CVE-2005-4336 Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers t...
CVE-2005-4337 The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3...
E
CVE-2005-4338 announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2....
E
CVE-2005-4339 Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Acade...
CVE-2005-4340 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4206. Reason: This candida...
R
CVE-2005-4341 Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other ver...
CVE-2005-4342 ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 doe...
S
CVE-2005-4343 Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers t...
S
CVE-2005-4344 Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) s...
S
CVE-2005-4345 Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an A...
S
CVE-2005-4346 Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obta...
E
CVE-2005-4347 The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/...
CVE-2005-4348 fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attacke...
CVE-2005-4349 SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated...
CVE-2005-4350 Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on ...
CVE-2005-4351 The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, ...
E
CVE-2005-4352 The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows loca...
E S
CVE-2005-4353 SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database...
S
CVE-2005-4354 Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows r...
S
CVE-2005-4355 Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbit...
CVE-2005-4356 SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via ...
CVE-2005-4357 Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when "Allowed HTML tags" is enabled, allow...
E
CVE-2005-4358 admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via...
CVE-2005-4359 SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execu...
S
CVE-2005-4360 The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 a...
E S
CVE-2005-4361 Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 all...
S
CVE-2005-4362 SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitra...
S
CVE-2005-4363 Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attack...
S
CVE-2005-4364 Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3...
S
CVE-2005-4365 Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inj...
S
CVE-2005-4366 Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary ...
CVE-2005-4367 Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attac...
CVE-2005-4368 roundcube webmail Alpha, with a default high verbose level ($rcmail_config['debug_level'] = 1), allo...
CVE-2005-4369 Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbit...
CVE-2005-4370 SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attacker...
E
CVE-2005-4371 Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, ...
E
CVE-2005-4372 Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 an...
CVE-2005-4373 Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of...
CVE-2005-4374 Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attack...
CVE-2005-4375 Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject a...
CVE-2005-4376 Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrar...
CVE-2005-4377 Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote ...
CVE-2005-4378 SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to ...
CVE-2005-4379 Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote att...
CVE-2005-4380 Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to exe...
CVE-2005-4381 Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remo...
CVE-2005-4382 SQL injection vulnerability in CitySoft Community Enterprise 4.x allows remote attackers to execute ...
CVE-2005-4383 Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows re...
CVE-2005-4384 CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via ...
CVE-2005-4385 Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote at...
CVE-2005-4386 Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and earlier allows remote attackers to i...
CVE-2005-4387 Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote att...
CVE-2005-4388 Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 and earlier allows remote atta...
CVE-2005-4389 search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via inv...
CVE-2005-4390 SQL injection vulnerability in index.php in ContentServ 3.1 and earlier allows remote attackers to e...
CVE-2005-4391 Cross-site scripting (XSS) vulnerability in damoon allows remote attackers to inject arbitrary web s...
CVE-2005-4392 SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote a...
CVE-2005-4393 Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote ...
CVE-2005-4394 Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject...
CVE-2005-4395 Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject...
CVE-2005-4396 Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inj...
CVE-2005-4397 SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL c...
CVE-2005-4398 NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 an...
CVE-2005-4399 Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earl...
CVE-2005-4400 Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 ...
CVE-2005-4401 Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inje...
CVE-2005-4402 Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows ...
S
CVE-2005-4403 SQL injection vulnerability in index.php in Marwel 2.7 and earlier allows remote attackers to execut...
CVE-2005-4404 SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execut...
CVE-2005-4405 redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path vi...
CVE-2005-4406 SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to e...
CVE-2005-4407 Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote a...
CVE-2005-4408 Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to e...
CVE-2005-4409 Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inje...
CVE-2005-4410 Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary ...
CVE-2005-4411 Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary ...
E
CVE-2005-4412 Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI whi...
E
CVE-2005-4413 Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application S...
CVE-2005-4414 Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, rela...
S
CVE-2005-4415 Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inje...
E
CVE-2005-4416 SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary...
E
CVE-2005-4417 The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installe...
CVE-2005-4418 util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debia...
CVE-2005-4419 Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Arc...
CVE-2005-4420 Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers...
CVE-2005-4421 Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a ...
S
CVE-2005-4422 Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated ...
S
CVE-2005-4423 Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to ex...
E
CVE-2005-4424 Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated us...
CVE-2005-4425 Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to cause a...
S
CVE-2005-4426 Interpretation conflict in YaBB before 2.1 allows remote authenticated users to inject arbitrary web...
S
CVE-2005-4427 Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow remote attackers to execute arbitr...
CVE-2005-4428 Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers t...
CVE-2005-4429 SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL comman...
E
CVE-2005-4430 SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrar...
E
CVE-2005-4431 SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands ...
E
CVE-2005-4432 Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 allows remote attackers to inje...
CVE-2005-4433 Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remot...
CVE-2005-4434 Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x allows remote attackers to injec...
CVE-2005-4435 Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man 3.x allows remote attackers t...
E
CVE-2005-4436 Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented in Cisco IOS after 12.3(2), 1...
CVE-2005-4437 MD5 Neighbor Authentication in Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemente...
CVE-2005-4438 Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library...
CVE-2005-4439 Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (appl...
E
CVE-2005-4440 The 802.1q VLAN protocol allows remote attackers to bypass network segmentation and spoof VLAN traff...
CVE-2005-4441 The PVLAN protocol allows remote attackers to bypass network segmentation and spoof PVLAN traffic vi...
CVE-2005-4442 Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users ...
S
CVE-2005-4443 Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in ...
S
CVE-2005-4444 Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c a...
S
CVE-2005-4445 Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute ...
CVE-2005-4446 Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inje...
CVE-2005-4447 SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers ...
CVE-2005-4448 FlatNuke 2.5.6 verifies authentication credentials based on an MD5 checksum of the admin name and th...
E
CVE-2005-4449 verify.php in FlatNuke 2.5.6 allows remote authenticated administrators to modify arbitrary PHP file...
E
CVE-2005-4450 Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perfo...
CVE-2005-4451 Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain a...
CVE-2005-4452 Information Call Center stores the CallCenterData.mdb database under the web root with insufficient ...
CVE-2005-4453 UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote authenticated users to gain admin...
S
CVE-2005-4454 Validate-before-filter vulnerability in cleanhtml.pl 1.129 in LiveJournal CVS before Dec 7 2005, whe...
E S
CVE-2005-4455 cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting...
S
CVE-2005-4456 Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 a...
E S
CVE-2005-4457 MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service...
E S
CVE-2005-4458 Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly reset the $IS_OWNER, $IS_ADMIN...
S
CVE-2005-4459 Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Works...
E S
CVE-2005-4460 Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and earlier allows remote attackers ...
CVE-2005-4461 SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and earlier allows remote attackers ...
CVE-2005-4462 PHP remote file include vulnerability in usermods.php in Tolva PHP website system 0.1.0 allows remot...
E
CVE-2005-4463 WordPress before 1.5.2 allows remote attackers to obtain sensitive information via a direct request ...
E
CVE-2005-4464 Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote attackers to cause a denial of...
S
CVE-2005-4465 The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX300...
S
CVE-2005-4466 Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before...
E S
CVE-2005-4467 Directory traversal vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows remot...
E S
CVE-2005-4468 PHP remote file include vulnerability in help_text_vars.php in PHPGedView 3.3.7 and earlier allows r...
E S
CVE-2005-4469 Multiple direct static code injection vulnerabilities in PHPGedView 3.3.7 and earlier allow remote a...
E S
CVE-2005-4470 Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through...
E
CVE-2005-4471 POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP 4 and earlier allows rem...
E S
CVE-2005-4472 Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cau...
S
CVE-2005-4473 Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows remote attackers to view web ...
S
CVE-2005-4474 Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cau...
CVE-2005-4475 Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inj...
CVE-2005-4476 Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier al...
E
CVE-2005-4477 Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to ...
E
CVE-2005-4478 Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute ...
E
CVE-2005-4479 SQL injection vulnerability in article.php in phpSlash 0.8.1 and earlier allows remote attackers to ...
E
CVE-2005-4480 Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to i...
CVE-2005-4481 Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject...
CVE-2005-4482 Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote att...
E
CVE-2005-4483 Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable 3.3 and earlier allows remote at...
CVE-2005-4484 Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 and earlier allow remote atta...
CVE-2005-4485 Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 and earlier allow remote attac...
E
CVE-2005-4486 SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote atta...
E
CVE-2005-4487 Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and earlier allows remote attackers ...
CVE-2005-4488 Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in Redakto WCMS 3.2 and earlier all...
E
CVE-2005-4489 Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier allows remote attackers to inj...
E
CVE-2005-4490 Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and earlier allow remote attackers...
E
CVE-2005-4491 Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote atta...
E S
CVE-2005-4492 Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 and earlier allows remote atta...
CVE-2005-4493 Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inje...
CVE-2005-4494 Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier allows remote attackers to inject...
CVE-2005-4495 SQL injection vulnerability in index.cfm in SpireMedia mx7 allows remote attackers to execute arbitr...
CVE-2005-4496 Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 and earlier allows remote atta...
CVE-2005-4497 Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and earlier allows remote attacke...
CVE-2005-4498 Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inje...
CVE-2005-4499 The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL o...
CVE-2005-4500 SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL command...
E
CVE-2005-4501 MediaWiki before 1.5.4 uses a hard-coded "internal placeholder string", which allows remote attacker...
S
CVE-2005-4502 Cross-site scripting (XSS) vulnerability in httprint v202, and possibly other versions before v301, ...
E S
CVE-2005-4503 httprint v202, and possibly other versions before v301, allows remote attackers to cause a denial of...
E
CVE-2005-4504 The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earli...
E
CVE-2005-4505 Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3....
E
CVE-2005-4506 Nexus Concepts Dev Hound 2.24 and earlier stores username and password information in cleartext in t...
S
CVE-2005-4507 Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier all...
S
CVE-2005-4508 Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to obtain the installation path vi...
S
CVE-2005-4509 SQL injection vulnerability in index.asp in pTools allows remote attackers to execute arbitrary SQL ...
CVE-2005-4510 Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to rea...
E S
CVE-2005-4511 Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows local users to cause a denial of...
CVE-2005-4512 Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to in...
CVE-2005-4513 Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows remote attackers to inject arbi...
CVE-2005-4514 The encapsulation script mechanism in Webwasher CSM Appliance Suite 5.x uses case-sensitive detectio...
CVE-2005-4515 SQL injection vulnerability in WebDB 1.1 and earlier allows remote attackers to execute arbitrary SQ...
S
CVE-2005-4516 Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow re...
E S
CVE-2005-4517 SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execu...
CVE-2005-4518 Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying...
E S
CVE-2005-4519 Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0....
E S
CVE-2005-4520 Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown ...
E S
CVE-2005-4521 CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP h...
E S
CVE-2005-4522 Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in M...
E S
CVE-2005-4523 Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attacke...
E S
CVE-2005-4524 Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has...
E S
CVE-2005-4525 SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control...
E
CVE-2005-4526 Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass...
E
CVE-2005-4527 Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrar...
E
CVE-2005-4528 SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to exec...
S
CVE-2005-4529 The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via un...
S
CVE-2005-4530 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPa...
CVE-2005-4531 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candida...
R
CVE-2005-4532 scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allow...
S
CVE-2005-4533 Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync com...
S
CVE-2005-4534 The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to ove...
S
CVE-2005-4535 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4536 Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file s...
CVE-2005-4537 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4538 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4539 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4540 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4541 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4542 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4543 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4544 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2005-4545 Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attacke...
CVE-2005-4546 search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter...
CVE-2005-4547 Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers t...
CVE-2005-4548 SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote ...
S
CVE-2005-4549 Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Po...
E
CVE-2005-4550 The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote att...
E
CVE-2005-4551 Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is o...
CVE-2005-4552 The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecu...
S
CVE-2005-4553 Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a lo...
CVE-2005-4554 Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote att...
E
CVE-2005-4555 Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier all...
E
CVE-2005-4556 PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r...
E S
CVE-2005-4557 dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Se...
E S
CVE-2005-4558 IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 b...
E S
CVE-2005-4559 mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail S...
S
CVE-2005-4560 The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attack...
E
CVE-2005-4561 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was as...
R
CVE-2005-4562 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was as...
R
CVE-2005-4563 SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote...
E
CVE-2005-4564 The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E migh...
S
CVE-2005-4565 Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...
S
CVE-2005-4566 Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta bef...
S
CVE-2005-4567 Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosiet...
E
CVE-2005-4568 Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4....
E
CVE-2005-4569 Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate ...
E
CVE-2005-4570 The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, ...
S
CVE-2005-4571 Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject...
CVE-2005-4572 Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute a...
CVE-2005-4573 PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote at...
E S
CVE-2005-4574 Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 an...
E
CVE-2005-4575 PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive infor...
CVE-2005-4576 Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEng...
E
CVE-2005-4577 Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-24...
CVE-2005-4578 Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00...
CVE-2005-4579 Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-...
CVE-2005-4580 Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbit...
CVE-2005-4581 Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a lo...
CVE-2005-4582 Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the clie...
CVE-2005-4583 Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24...
E S
CVE-2005-4584 BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application cr...
E
CVE-2005-4585 Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers...
S
CVE-2005-4586 Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute...
S
CVE-2005-4587 Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial o...
E
CVE-2005-4588 Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web ...
E
CVE-2005-4589 Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which all...
CVE-2005-4590 Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) r...
CVE-2005-4591 Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0...
S
CVE-2005-4592 Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a den...
S
CVE-2005-4593 PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_global...
E
CVE-2005-4594 Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via ...
CVE-2005-4595 Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows loc...
S
CVE-2005-4596 Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to...
CVE-2005-4597 Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers ...
CVE-2005-4598 Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers ...
CVE-2005-4599 Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 ...
S
CVE-2005-4600 Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows ...
E S
CVE-2005-4601 The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands v...
E
CVE-2005-4602 SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers ...
CVE-2005-4603 Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote ...
CVE-2005-4604 Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrar...
CVE-2005-4605 The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to...
CVE-2005-4606 SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3...
E S
CVE-2005-4607 Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote att...
CVE-2005-4608 SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitra...
CVE-2005-4609 index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such ...
CVE-2005-4610 Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service,...
S
CVE-2005-4611 SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers ...
E
CVE-2005-4612 Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary...
E
CVE-2005-4613 Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitra...
CVE-2005-4614 Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to exec...
E
CVE-2005-4615 SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to e...
E
CVE-2005-4616 SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitra...
E
CVE-2005-4617 SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to ex...
E
CVE-2005-4618 Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows local users to corrupt user m...
S
CVE-2005-4619 SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote...
E
CVE-2005-4620 Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long c...
E
CVE-2005-4621 Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote att...
S
CVE-2005-4622 Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code,...
E
CVE-2005-4623 upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) vi...
E
CVE-2005-4624 The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denia...
E
CVE-2005-4625 Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified...
CVE-2005-4626 The default configuration of Recruitment Software installs admin/site.xml under the web document roo...
CVE-2005-4627 Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFH...
E
CVE-2005-4628 SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers t...
CVE-2005-4629 SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands ...
CVE-2005-4630 SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitr...
E S
CVE-2005-4631 SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to exec...
E
CVE-2005-4632 SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers t...
E
CVE-2005-4633 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4619. Reason: This candida...
R
CVE-2005-4634 SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers t...
E
CVE-2005-4635 The nl_fib_input function in fib_frontend.c in the Linux kernel before 2.6.15 does not check for val...
S
CVE-2005-4636 OpenOffice.org 2.0 and earlier, when hyperlinks have been disabled, does not prevent the user from cl...
S
CVE-2005-4637 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and ...
CVE-2005-4638 index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path ...
CVE-2005-4639 Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and...
S
CVE-2005-4640 SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote atta...
CVE-2005-4641 SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary ...
CVE-2005-4642 Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers t...
E
CVE-2005-4643 SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to exe...
CVE-2005-4644 Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows rem...
E S
CVE-2005-4645 SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL co...
E
CVE-2005-4646 Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to inc...
CVE-2005-4647 Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to exec...
CVE-2005-4648 Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) Mu...
E
CVE-2005-4649 Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote...
E
CVE-2005-4650 Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to caus...
S
CVE-2005-4651 SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execu...
CVE-2005-4652 SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL com...
S
CVE-2005-4653 Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypa...
E
CVE-2005-4654 Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO fo...
CVE-2005-4655 Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers...
E
CVE-2005-4656 SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to...
E
CVE-2005-4657 Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensit...
E
CVE-2005-4658 Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow re...
E
CVE-2005-4659 IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, whi...
S
CVE-2005-4660 Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite syst...
S
CVE-2005-4661 The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain une...
S
CVE-2005-4662 Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote a...
S
CVE-2005-4663 Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remot...
S
CVE-2005-4664 SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is di...
CVE-2005-4665 Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to injec...
S
CVE-2005-4666 Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inj...
S
CVE-2005-4667 Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code v...
E S
CVE-2005-4668 The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows ...
S
CVE-2005-4669 SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to exec...
E
CVE-2005-4670 Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) a...
E
CVE-2005-4671 Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 a...
E
CVE-2005-4672 Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Edito...
E
CVE-2005-4673 ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, whic...
CVE-2005-4674 Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to...
E
CVE-2005-4675 Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers...
E
CVE-2005-4676 Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling th...
E S
CVE-2005-4677 SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 ...
CVE-2005-4678 Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the t...
CVE-2005-4679 Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the st...
CVE-2005-4680 Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow re...
CVE-2005-4681 Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via ...
E
CVE-2005-4682 Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inj...
E
CVE-2005-4683 PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /t...
CVE-2005-4684 Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain i...
CVE-2005-4685 Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-roo...
CVE-2005-4686 PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregist...
S
CVE-2005-4687 PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the ...
S
CVE-2005-4688 PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile...
CVE-2005-4689 Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remot...
CVE-2005-4690 Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite ...
CVE-2005-4691 imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, an...
S
CVE-2005-4692 Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors a...
S
CVE-2005-4693 Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) ...
CVE-2005-4694 Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other ve...
E S
CVE-2005-4695 Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service ...
S
CVE-2005-4696 The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (P...
E
CVE-2005-4697 The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pa...
CVE-2005-4698 Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject...
E S
CVE-2005-4699 Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command...
E S
CVE-2005-4700 TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows rem...
E S
CVE-2005-4701 Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to ob...
S
CVE-2005-4702 SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote...
E
CVE-2005-4703 Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive informatio...
E
CVE-2005-4704 Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through S...
S
CVE-2005-4705 BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when...
S
CVE-2005-4706 Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users...
CVE-2005-4707 Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to ...
S
CVE-2005-4708 Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client inst...
S
CVE-2005-4709 The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3...
S
CVE-2005-4710 Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 a...
S
CVE-2005-4711 SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute...
CVE-2005-4712 CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inj...
E
CVE-2005-4713 Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x befo...
S
CVE-2005-4714 Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3...
E
CVE-2005-4715 Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disa...
E S
CVE-2005-4716 Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denia...
S
CVE-2005-4717 Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP...
E
CVE-2005-4718 Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a...
E
CVE-2005-4719 Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attac...
E
CVE-2005-4720 Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (cli...
E S
CVE-2005-4721 Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers t...
E S
CVE-2005-4722 _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via...
E S
CVE-2005-4723 D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a ...
E
CVE-2005-4724 SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbit...
E
CVE-2005-4725 Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment ...
CVE-2005-4726 MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitiv...
CVE-2005-4727 Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers ...
E S
CVE-2005-4728 Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to...
S
CVE-2005-4729 SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary...
E
CVE-2005-4730 Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related t...
S
CVE-2005-4731 The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when sessio...
CVE-2005-4732 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 a...
E
CVE-2005-4733 NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of...
S
CVE-2005-4734 Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID We...
E
CVE-2005-4735 IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a de...
E S
CVE-2005-4736 IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a de...
E S
CVE-2005-4737 IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to c...
S
CVE-2005-4738 IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execut...
S
CVE-2005-4739 IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticate...
S
CVE-2005-4740 IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to...
S
CVE-2005-4741 NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain pr...
S
CVE-2005-4742 Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some arch...
S
CVE-2005-4743 Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier all...
CVE-2005-4744 Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly o...
S
CVE-2005-4745 SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote...
CVE-2005-4746 Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of se...
S
CVE-2005-4747 Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote a...
CVE-2005-4748 PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows ...
S
CVE-2005-4749 HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier...
S
CVE-2005-4750 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and e...
CVE-2005-4751 Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0,...
S
CVE-2005-4752 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow l...
S
CVE-2005-4753 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "h...
S
CVE-2005-4754 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensit...
S
CVE-2005-4755 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (...
S
CVE-2005-4756 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not proper...
S
CVE-2005-4757 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not proper...
S
CVE-2005-4758 Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8...
S
CVE-2005-4759 BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system pla...
S
CVE-2005-4760 BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDel...
S
CVE-2005-4761 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and e...
S
CVE-2005-4762 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and e...
S
CVE-2005-4763 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and e...
CVE-2005-4764 BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after mul...
S
CVE-2005-4765 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the...
S
CVE-2005-4766 BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encryp...
S
CVE-2005-4767 BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using us...
S
CVE-2005-4768 SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote at...
E
CVE-2005-4769 SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attacker...
E
CVE-2005-4770 SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Acc...
E
CVE-2005-4771 Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button th...
CVE-2005-4772 liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and o...
S
CVE-2005-4773 The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a de...
S
CVE-2005-4774 Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary ...
E S
CVE-2005-4775 Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attr...
S
CVE-2005-4776 Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, Net...
S
CVE-2005-4777 Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the re...
E
CVE-2005-4778 The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," ...
S
CVE-2005-4779 verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID...
S
CVE-2005-4780 Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote att...
E
CVE-2005-4781 Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke ...
E
CVE-2005-4782 NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOST...
S
CVE-2005-4783 kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when r...
S
CVE-2005-4784 Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local...
CVE-2005-4785 Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to ...
E
CVE-2005-4786 Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI ant...
S
CVE-2005-4787 Turnkey Web Tools SunShop Shopping Cart allows remote attackers to obtain sensitive information via ...
E S
CVE-2005-4788 resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass acc...
S
CVE-2005-4789 resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-...
S
CVE-2005-4790 Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distri...
CVE-2005-4791 Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be ...
S
CVE-2005-4792 SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earli...
E S
CVE-2005-4793 Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager...
S
CVE-2005-4794 Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manag...
CVE-2005-4795 Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as ...
S
CVE-2005-4796 Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users...
S
CVE-2005-4797 Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows...
E S
CVE-2005-4798 Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS serv...
CVE-2005-4799 Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b a...
E
CVE-2005-4800 Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlie...
E
CVE-2005-4801 Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) ...
E
CVE-2005-4802 Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink at...
E
CVE-2005-4803 graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on tempor...
S
CVE-2005-4804 Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edit...
S
CVE-2005-4805 Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 an...
S
CVE-2005-4806 Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow r...
S
CVE-2005-4807 Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Fr...
E S
CVE-2005-4808 Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foun...
S
CVE-2005-4809 Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote ...
E
CVE-2005-4810 Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of servi...
CVE-2005-4811 The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurat...
CVE-2005-4812 The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, A...
CVE-2005-4813 Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used ...
S
CVE-2005-4814 Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handle...
CVE-2005-4815 SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B p...
CVE-2005-4816 Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial o...
S
CVE-2005-4817 Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to...
S
CVE-2005-4818 Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitr...
CVE-2005-4819 Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and ...
S
CVE-2005-4820 SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) ...
CVE-2005-4821 Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 and earlier allow remote attack...
E
CVE-2005-4822 SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (I...
E
CVE-2005-4823 Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software all...
S
CVE-2005-4824 PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote a...
CVE-2005-4825 Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass a...
S
CVE-2005-4826 Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Ca...
CVE-2005-4827 Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origi...
E
CVE-2005-4828 Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the w...
E
CVE-2005-4829 VirtueMart before 1.0.1 does not properly handle errors when a user is forbidden to read a requested...
CVE-2005-4830 CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary...
E
CVE-2005-4831 viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values ...
E
CVE-2005-4832 SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to e...
E S
CVE-2005-4833 IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR...
S
CVE-2005-4834 IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP...
S
CVE-2005-4835 The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 all...
S
CVE-2005-4836 The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL wh...
CVE-2005-4837 snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, w...
E
CVE-2005-4838 Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomc...
S
CVE-2005-4839 PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsi...
CVE-2005-4840 The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to...
CVE-2005-4841 The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Expl...
CVE-2005-4842 The System Monitor Source Properties control allows remote attackers to cause a denial of service (I...
CVE-2005-4843 The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explor...
CVE-2005-4844 The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explo...
CVE-2005-4845 The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 redirector c...
CVE-2005-4846 Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of servic...
E
CVE-2005-4847 Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number o...
CVE-2005-4848 Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4....
S
CVE-2005-4849 Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) t...
S
CVE-2005-4850 eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to sub...
S
CVE-2005-4851 eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which al...
CVE-2005-4852 The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all...
CVE-2005-4853 The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7...
CVE-2005-4854 eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict noti...
CVE-2005-4855 Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before ...
CVE-2005-4856 The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 befo...
CVE-2005-4857 eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remo...
CVE-2005-4858 Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and ea...
CVE-2005-4859 mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficie...
E
CVE-2005-4860 Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PAS...
CVE-2005-4861 functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authe...
CVE-2005-4862 The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote atta...
CVE-2005-4863 Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary...
S
CVE-2005-4864 Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitr...
S
CVE-2005-4865 Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitr...
S
CVE-2005-4866 Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute ...
S
CVE-2005-4867 Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration...
S
CVE-2005-4868 Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the ...
S
CVE-2005-4869 The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of serv...
S
CVE-2005-4870 Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarc...
S
CVE-2005-4871 Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, w...
S
CVE-2005-4872 Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of n...
CVE-2005-4873 Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow conte...
CVE-2005-4874 The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attac...
E S
CVE-2005-4875 TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request...
CVE-2005-4876 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openf...
CVE-2005-4877 Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openf...
CVE-2005-4878 Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for...
CVE-2005-4879 Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3....
E
CVE-2005-4880 Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access ...
E
CVE-2005-4881 The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not...
S
CVE-2005-4882 tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse Simple Imager (WSI) and other pro...
E
CVE-2005-4883 Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote attackers to cause a denial of s...
S
CVE-2005-4884 Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 10.1.0.4 (10g) allo...
CVE-2005-4885 Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) Controller Arrays allows remote atta...
CVE-2005-4886 The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc...
CVE-2005-4887 NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 allows attackers to have an un...
CVE-2005-4888 NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows remote attackers to cause a den...
CVE-2005-4889 lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during dele...
S
CVE-2005-4890 There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - use...
E
CVE-2005-4891 Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allow...
E
CVE-2005-4892 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2005-4893 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2005-4894 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2005-4895 Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools before 0.4 make it easier for con...
CVE-2005-4900 SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct s...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.