Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2805 | 1 E107 | 1 E107 | 2017-07-11 | 5.0 MEDIUM | N/A |
| forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | |||||
| CVE-2005-2884 | 1 Neocrome | 1 Land Down Under | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. | |||||
| CVE-2005-3072 | 1 Interchange Development Group | 1 Interchange | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3198 | 1 Webroot Software | 1 Desktop Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Webroot Desktop Firewall before 1.3.0build52 allows local users to disable the firewall, even when password protection is enabled, via certain DeviceIoControl commands. | |||||
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | |||||
| CVE-2005-3060 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3676 | 1 Phpwebthings | 1 Phpwebthings | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter. | |||||
| CVE-2005-3324 | 1 Appindex | 1 Mwchat | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-3199 | 1 Aspready Faq Manager | 1 Aspready Faq Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ allow remote attackers to execute arbitrary SQL commands, possibly via the (1) txtLogin and (2) txtPassword parameters. | |||||
| CVE-2005-3636 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | |||||
| CVE-2005-3334 | 1 Flyspray | 1 Flyspray | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. | |||||
| CVE-2005-3635 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | |||||
| CVE-2005-3200 | 1 Utopia Software | 1 Utopia News Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro (UNP) 1.1.3 and 1.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the sitetitle parameter in header.php and (2) the version and (3) query_count parameters in footer.php. | |||||
| CVE-2005-3201 | 1 Utopia Software | 1 Utopia News Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php for Utopia News Pro (UNP) 1.1.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary SQL via the newsid parameter. | |||||
| CVE-2005-3664 | 2 F-secure, Kaspersky Lab | 3 F-secure Anti-virus, Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | |||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | |||||
| CVE-2005-3202 | 1 Oracle | 1 Html Db | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters. | |||||
| CVE-2005-3475 | 1 Hasbani Web Server | 1 Hasbani Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP GET requests. | |||||
| CVE-2005-3203 | 1 Oracle | 1 Html Db | 2017-07-11 | 4.6 MEDIUM | N/A |
| The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 stores the SYS password in install.lst in plaintext, which allows local users to gain privileges. | |||||
| CVE-2005-3204 | 1 Oracle | 2 Application Server, Oracle9i | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP request. | |||||
| CVE-2005-3043 | 1 Mall23 | 1 Mall23 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter. | |||||
| CVE-2005-3206 | 1 Oracle | 1 Database Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 allows remote attackers to cause a denial of service (TNS listener stop) via an HTTP request with an sid parameter that contains a STOP command. | |||||
| CVE-2005-2954 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field. | |||||
| CVE-2005-3682 | 1 Wizz Forum | 1 Wizz Forum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php. | |||||
| CVE-2005-3470 | 1 Mailscanner | 1 Mailscanner | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2005-2950 | 1 Sawmill | 1 Sawmill | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. | |||||
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | |||||
| CVE-2005-3518 | 1 Punbb | 1 Punbb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | |||||
| CVE-2005-3207 | 1 Oracle | 1 Forms | 2017-07-11 | 5.0 MEDIUM | N/A |
| The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote attackers to cause a denial of service (TNS listener stop) via a userid parameter that contains a STOP command. | |||||
| CVE-2005-3208 | 1 Aenovo | 3 Aenovo, Aenovoshop, Aenovowysi | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages. | |||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 2.1 LOW | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | |||||
| CVE-2005-3546 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2017-07-11 | 7.2 HIGH | N/A |
| suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privileges. | |||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2017-07-11 | 5.0 MEDIUM | N/A |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | |||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | |||||
| CVE-2005-3707 | 1 Apple | 1 Quicktime | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | |||||
| CVE-2005-3772 | 1 Joomla | 1 Joomla | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified methods in the mosDBTable class. | |||||
| CVE-2005-3795 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php and the (2) firstname and (3) lastname parameters in index.php. | |||||
| CVE-2005-3862 | 1 Unalz | 1 Unalz | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives. | |||||
| CVE-2005-3804 | 1 Cisco | 1 7920 Wireless Ip Phone | 2017-07-11 | 6.4 MEDIUM | N/A |
| Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service. | |||||
| CVE-2005-3746 | 1 Apboard | 1 Apboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-3762 | 1 Exponent | 1 Exponent | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter. | |||||
| CVE-2005-3794 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts. | |||||
| CVE-2005-3684 | 1 Freeftpd | 1 Freeftpd | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands. | |||||
| CVE-2005-3694 | 1 Centericq | 1 Centericq | 2017-07-11 | 7.8 HIGH | N/A |
| centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus. | |||||
| CVE-2005-3708 | 1 Apple | 1 Quicktime | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | |||||
| CVE-2005-3803 | 1 Cisco | 1 7920 Wireless Ip Phone | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ("fixed") public and private SNMP community strings that cannot be changed, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-3798 | 1 Alstrasoft | 1 Template Seller | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field. | |||||
| CVE-2005-3704 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| System log server in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to spoof syslog messages in log files by injecting various control characters such as newline (NL). | |||||
| CVE-2005-3683 | 1 Freeftpd | 1 Freeftpd | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in freeFTPd before 1.0.9, with logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command. | |||||
| CVE-2005-3700 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. | |||||
