Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2892 | 1 Pblang | 1 Pblang | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter. | |||||
| CVE-2005-3127 | 1 Lucidcms | 1 Lucidcms | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-3647 | 1 Winability | 1 Folder Guard | 2017-07-11 | 4.6 MEDIUM | N/A |
| Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory. | |||||
| CVE-2005-2891 | 1 Csystems | 1 Webarchivex | 2017-07-11 | 6.4 MEDIUM | N/A |
| WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods. | |||||
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | |||||
| CVE-2005-2890 | 1 Secureol | 1 Ve2 | 2017-07-11 | 4.6 MEDIUM | N/A |
| SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device. | |||||
| CVE-2005-3129 | 1 S9y | 1 Serendipity | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | |||||
| CVE-2005-2888 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | |||||
| CVE-2005-3309 | 1 Zomplog | 1 Zomplog | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php. | |||||
| CVE-2005-3648 | 1 Moodle | 1 Moodle | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | |||||
| CVE-2005-2820 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". | |||||
| CVE-2005-2817 | 1 Simple Machines | 1 Simple Machines Forum | 2017-07-11 | 5.0 MEDIUM | N/A |
| Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server. | |||||
| CVE-2005-2815 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 6.4 MEDIUM | N/A |
| print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | |||||
| CVE-2005-3596 | 1 Iisworks | 1 Aspknowledgebase | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. | |||||
| CVE-2005-3136 | 1 Virtools | 1 Web Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. | |||||
| CVE-2005-3116 | 1 Symantec Veritas | 1 Netbackup | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2005-3310 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 3.5 LOW | N/A |
| Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB. | |||||
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 10.0 HIGH | N/A |
| By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | |||||
| CVE-2005-3137 | 1 Gnu | 1 Cfengine | 2017-07-11 | 2.1 LOW | N/A |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | |||||
| CVE-2005-2887 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | |||||
| CVE-2005-3111 | 1 Debian | 1 Backupninja | 2017-07-11 | 2.1 LOW | N/A |
| The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-3138 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | |||||
| CVE-2005-3139 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | |||||
| CVE-2005-2886 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. | |||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3142 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header. | |||||
| CVE-2005-3152 | 1 Devellion | 1 Cubecart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1. | |||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | |||||
| CVE-2005-3236 | 1 Cynox | 1 Cyphor | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php. | |||||
| CVE-2005-3514 | 1 Chipmunk Scripts | 1 Chipmunk Forum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php. | |||||
| CVE-2005-3161 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | |||||
| CVE-2005-3096 | 1 Avi Alkalay | 1 Nslookup.cgi | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter. | |||||
| CVE-2005-3660 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 4.9 MEDIUM | N/A |
| Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference. | |||||
| CVE-2005-2814 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. | |||||
| CVE-2005-3515 | 1 Chipmunk Scripts | 1 Chipmunk Topsites | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2005-3095 | 1 Avi Alkalay | 1 Notify | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter. | |||||
| CVE-2005-3588 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. | |||||
| CVE-2005-3094 | 1 Avi Alkalay | 1 Man Cgi | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter. | |||||
| CVE-2005-2885 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 7.5 HIGH | N/A |
| The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | |||||
| CVE-2005-3027 | 1 Sybari | 1 Antigen | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment". | |||||
| CVE-2005-3516 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. | |||||
| CVE-2005-3517 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. | |||||
| CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | |||||
| CVE-2005-2845 | 1 Ariba | 1 Ariba Spend Management Solutions | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3082 | 1 Seo-board | 1 Seo-board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie. | |||||
| CVE-2005-3194 | 1 Estsoft | 1 Alzip | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive. | |||||
| CVE-2005-2844 | 1 Indiatimes Messenger | 1 Indiatimes Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. | |||||
| CVE-2005-3197 | 1 Webroot Software | 1 Desktop Firewall | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list. | |||||
| CVE-2005-2943 | 1 Davide Libenzi | 1 Xmail | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option. | |||||
| CVE-2005-3073 | 1 Interchange Development Group | 1 Interchange | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. | |||||
