Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0595 | 1 Working Resources Inc. | 1 Badblue | 2017-07-12 | 7.5 HIGH | N/A |
| Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter. | |||||
| CVE-2002-1759 | 1 Phprojekt | 1 Phprojekt | 2017-07-12 | 5.0 MEDIUM | N/A |
| The upload function in PHProjekt 2.0 through 3.1 does not properly verify certain variables related to uploaded data, which allows remote attackers to cause PHProjekt to process arbitrary files. | |||||
| CVE-2004-1442 | 1 Ibm | 1 Net.data | 2017-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E." | |||||
| CVE-2004-2068 | 1 Leafnode | 1 Leafnode | 2017-07-12 | 5.0 MEDIUM | N/A |
| fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers. | |||||
| CVE-2004-1517 | 1 Zonelabs | 1 Imsecure | 2017-07-12 | 7.5 HIGH | N/A |
| Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | |||||
| CVE-2005-0216 | 1 Woltlab | 1 Burning Board Lite | 2017-07-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter. | |||||
| CVE-2004-2424 | 1 Bea | 1 Weblogic Server | 2017-07-12 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends. | |||||
| CVE-2005-0501 | 1 Digipen Institute Of Technology | 1 Bontago | 2017-07-12 | 7.5 HIGH | N/A |
| Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2005-0130 | 1 Berlios | 1 Konversation | 2017-07-12 | 7.5 HIGH | N/A |
| Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts. | |||||
| CVE-2001-0226 | 1 Biblioscape | 1 Biblioweb Server | 2017-07-12 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or ... attack in an HTTP GET request. | |||||
| CVE-2001-0838 | 1 Network Solutions | 1 Rwhoisd | 2017-07-12 | 7.5 HIGH | N/A |
| Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. | |||||
| CVE-2006-1098 | 1 Digital Builder | 1 Nz Ecommerce | 2017-07-12 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce allow remote attackers to execute arbitrary SQL commands via the (1) informationID or (2) ParentCategory parameter to index.php. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate problem. | |||||
| CVE-2005-3963 | 1 Dotclear | 1 Dotclear | 2017-07-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie. | |||||
| CVE-2005-3802 | 1 Belkin | 2 F5d7230-4, F5d7232-4 | 2017-07-12 | 5.1 MEDIUM | N/A |
| Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the management interface without authentication. | |||||
| CVE-2002-0207 | 1 Realnetworks | 2 Realone Player, Realplayer Intranet | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header. | |||||
| CVE-2004-1798 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2017-07-11 | 5.1 MEDIUM | N/A |
| RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726. | |||||
| CVE-2005-2964 | 1 Abisource | 1 Community Abiword | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | |||||
| CVE-2005-3568 | 1 Ibm | 1 Db2 Content Manager | 2017-07-11 | 2.1 LOW | N/A |
| db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING." | |||||
| CVE-2005-3019 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow remote attackers to execute arbitrary SQL commands via the (1) request parameter to joinrequests.php, (2) limitnumber or (3) limitstart to user.php, (4) usertitle.php, or (5) usertools.php. | |||||
| CVE-2005-3566 | 1 Symantec Veritas | 4 Cluster Server, Sanpoint Control Quickstart, Storage Foundation and 1 more | 2017-07-11 | 4.3 MEDIUM | N/A |
| Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. | |||||
| CVE-2005-3018 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | |||||
| CVE-2005-3013 | 1 Suse | 1 Suse Linux | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE Linux 9.3 allows local users to execute arbitrary code via a long Loc entry. | |||||
| CVE-2005-3209 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2017-07-11 | 4.6 MEDIUM | N/A |
| Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges. | |||||
| CVE-2005-3237 | 1 Cynox | 1 Cyphor | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote attackers to inject arbitrary web script or HTML via the t_login parameter of footer.php. | |||||
| CVE-2005-3006 | 1 Opera | 1 Opera Browser | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mail client in Opera before 8.50 opens attached files from the user's cache directory without warning the user, which might allow remote attackers to inject arbitrary web script and spoof attachment filenames. | |||||
| CVE-2005-3004 | 1 Interakt | 1 Mx Shop | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_prd parameters to the pages module in index.php. | |||||
| CVE-2005-2988 | 1 Hp | 1 Laserjet 2430 | 2017-07-11 | 5.0 MEDIUM | N/A |
| HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. | |||||
| CVE-2005-2987 | 1 Digital Scribe | 1 Digital Scribe | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-2986 | 1 Ahnlab | 3 V3 Virusblock 2005, V3net, V3pro 2004 | 2017-07-11 | 7.5 HIGH | N/A |
| The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 VirusBlock 2005 Build 6.0.0.383, V3Net for Windows Server 6.0 Build 6.0.0.383 does not properly validate the source of the DeviceIoControl commands, which allows remote attackers to gain privileges. | |||||
| CVE-2005-2985 | 1 Aewebworks | 1 Aedating | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter. | |||||
| CVE-2005-2984 | 1 Data Center Resources | 1 Avocent | 2017-07-11 | 4.6 MEDIUM | N/A |
| Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port. | |||||
| CVE-2005-3469 | 1 News2net | 1 News2net | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-3634 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. | |||||
| CVE-2005-3436 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox. | |||||
| CVE-2005-2980 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter. | |||||
| CVE-2005-2979 | 1 Phpoutsourcing | 1 Noahs Classifieds | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter. | |||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | |||||
| CVE-2005-3520 | 1 Mysource | 1 Mysource | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. | |||||
| CVE-2005-2963 | 1 Mod Auth Shadow | 1 Mod Auth Shadow | 2017-07-11 | 7.5 HIGH | N/A |
| The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. | |||||
| CVE-2005-2882 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. | |||||
| CVE-2005-2881 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 7.5 HIGH | N/A |
| phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | |||||
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | |||||
| CVE-2005-3335 | 1 Mantis | 1 Mantis | 2017-07-11 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | |||||
| CVE-2005-2843 | 1 Helpdesk Software | 1 Hesk | 2017-07-11 | 7.5 HIGH | N/A |
| Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php. | |||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2017-07-11 | 7.5 HIGH | N/A |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | |||||
| CVE-2005-3434 | 1 Archilles | 1 Newsworld | 2017-07-11 | 7.5 HIGH | N/A |
| Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges. | |||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | |||||
| CVE-2005-3530 | 1 Antville | 1 Antville | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. | |||||
| CVE-2005-3366 | 1 Php Icalendar | 1 Php Icalendar | 2017-07-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. | |||||
| CVE-2005-2951 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement. | |||||
