Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | |||||
| CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | |||||
| CVE-2005-4486 | 1 Quantum Art | 1 Qp7 Enterprise | 2008-09-19 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp. | |||||
| CVE-2005-4399 | 1 Libertas Solutions | 1 Libertas Enterprise Cms | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. | |||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4431 | 1 Wowbb | 1 Wowbb | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181. | |||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2008-09-19 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product." | |||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2008-09-19 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package. | |||||
| CVE-2005-4410 | 1 Nqcontent | 1 Nqcontent | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. | |||||
| CVE-2005-4628 | 1 Help Desk Point Software | 1 Helpdeskpoint | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | |||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2008-09-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2005-4409 | 1 Mmbase | 1 Mmbase | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4401 | 1 Lutece | 1 Lutece | 2008-09-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the query parameter. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2008-09-19 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||