CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2005-4132

Malware in sbrugna...

7.5CVSS6.4AI score0.00963EPSS

Exploits1References8

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2005-4361

Malware in sbrugna...

6.4CVSS6.4AI score0.00824EPSS

Exploits0References17

NVD•added 2005/12/20 1:3 a.m.•15 views

CVE-2005-4366

Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the 1 planid parameter to a domains.php, b viewusage.php, c popaccounts.php, d databases.php, e ftpusers.php, f crons.php, g passdirs.php, h zonefiles.php, i htaccess.php, and j...

6.4CVSS8.4AI score0.00824EPSS

Exploits0References16

Cvelist•added 2005/12/20 1:0 a.m.•18 views

CVE-2005-4366

8.4AI score0.00824EPSS

Exploits0References16

CVE•added 2005/12/20 1:0 a.m.•50 views

CVE-2005-4366

CVE-2005-4366 describes multiple SQL injection vulnerabilities in DRZES HMS 3.2. The issues allow remote attackers to execute arbitrary SQL commands via various parameters across several PHP scripts (e.g., plan_id to domains.php, viewusage.php, pop_accounts.php, databases.php, ftp_users.php, cron...

6.4CVSS8.6AI score0.00824EPSS

Exploits0References16Affected Software1

NVD•added 2005/12/09 3:3 p.m.•14 views

CVE-2005-4137

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter...

7.5CVSS8.3AI score0.00963EPSS

Exploits1References7

NVD•added 2005/12/09 3:3 p.m.•12 views

CVE-2005-4136

Cross-site scripting XSS vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter...

4.3CVSS5.7AI score0.00416EPSS

Exploits1References4

Cvelist•added 2005/12/09 3:0 p.m.•21 views

CVE-2005-4137

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter...

8.3AI score0.00963EPSS

Exploits1References7

CVE•added 2005/12/09 3:0 p.m.•47 views

CVE-2005-4137

CVE-2005-4137 describes an SQL injection in DRZES HMS 3.2: viewinvoice.php allows remote attackers to manipulate the backend via the invoiceID parameter, enabling arbitrary SQL execution. This is part of broader SQL injection findings in DRZES HMS 3.2 (noting that the 4137 vector is explicitly th...

7.5CVSS8.7AI score0.00963EPSS

Exploits1References7Affected Software1

CVE•added 2005/12/09 3:0 p.m.•44 views

CVE-2005-4136

CVE-2005-4136 describes a Cross-site Scripting (XSS) vulnerability in DRZES HMS 3.2, specifically in login.php where the customerEmailAddress parameter can be exploited to inject arbitrary web script/HTML. The issue affects the login process and can be triggered remotely, with a NVD base score of...

4.3CVSS6AI score0.00416EPSS

Exploits1References4Affected Software1

securityvulns•added 2005/11/26 12:0 a.m.•31 views

DRZES HMS 3.2 Multiple vuln.

DRZES HMS 3.2 - Hosting Management System -multiple SQL inj. vuln. and XSS vuln. Vuln. dicovered by : r0t Date: 25 nov. 2005 Orginal advisory:http://pridels.blogspot.com/2005/11/drzes-hms-32-multiple-vuln.html Vendor:http://drzes.com/ affected version:3.2 and prior Product description: Increase...

0.2AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by