Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3797 | 1 Alstrasoft | 1 Template Seller | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter. | |||||
| CVE-2005-3706 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 6.4 MEDIUM | N/A |
| Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory. | |||||
| CVE-2005-3690 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the IMAP service (meimaps.exe) of MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allows remote attackers to execute arbitrary code via a long mailbox name in the (1) select, (2) create, (3) delete, (4) rename, (5) subscribe, or (6) unsubscribe commands. | |||||
| CVE-2005-3846 | 1 Fscripts | 1 Fantastic News | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-3800 | 1 Macromedia | 1 Contribute Publishing Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sensitive information. | |||||
| CVE-2005-3793 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password to admin/admin_validate_login, or the (3) login, (4) password, and (5) flag parameters to login_validate.php. | |||||
| CVE-2005-3843 | 1 Nicecoder | 1 Idesk | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2005-3705 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in WebKit in Mac OS X and OS X Server 10.3.9 and 10.4.3, as used in applications such as Safari, allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-3767 | 1 Exponent | 1 Exponent | 2017-07-11 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files. | |||||
| CVE-2005-3796 | 1 Alstrasoft | 1 Affiliate Network Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is not clear from the original report whether administrator privileges are required. If not, then this does not cross privilege boundaries and is not a vulnerability. | |||||
| CVE-2005-0285 | 1 Bottomline | 1 Webseries Payment Application | 2017-07-11 | 4.6 MEDIUM | N/A |
| Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs. | |||||
| CVE-2005-0286 | 1 Emotion | 1 Mediapartner Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) . (dot) or (2) + (plus sign) at the end, which returns the source code for that file. | |||||
| CVE-2005-0287 | 1 Bottomline | 1 Webseries Payment Application | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values. | |||||
| CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2017-07-11 | 7.5 HIGH | N/A |
| The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | |||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2017-07-11 | 2.1 LOW | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | |||||
| CVE-2004-2604 | 1 Phproxy | 1 Phproxy | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | |||||
| CVE-2004-2602 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. | |||||
| CVE-2004-2601 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. | |||||
| CVE-2005-0288 | 1 Bottomline | 1 Webseries Payment Application | 2017-07-11 | 3.6 LOW | N/A |
| The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | |||||
| CVE-2005-0289 | 1 Apple | 2 Airport Express, Airport Extreme | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs. | |||||
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 2.1 LOW | N/A |
| Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | |||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | |||||
| CVE-2004-2595 | 1 Id Software | 1 Quake Ii Server Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | |||||
| CVE-2004-2594 | 1 Id Software | 1 Quake Ii Server Windows | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | |||||
| CVE-2004-2593 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | |||||
| CVE-2004-2591 | 1 Buttuglysoftware | 1 Cleancache | 2017-07-11 | 2.1 LOW | N/A |
| The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data. | |||||
| CVE-2004-2590 | 1 Meindlsoft | 1 Cute Php Library | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions. | |||||
| CVE-2004-2589 | 1 Rob Flynn | 1 Gaim | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | |||||
| CVE-2005-0290 | 1 Netgear | 1 Fvs318 | 2017-07-11 | 7.5 HIGH | N/A |
| NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension. | |||||
| CVE-2005-0291 | 1 Netgear | 1 Fvs318 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via a blocked URL phrase. | |||||
| CVE-2005-0292 | 1 Php Gift Registry | 1 Phpgiftreg | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters. | |||||
| CVE-2005-0293 | 1 Minis | 1 Minis | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter. | |||||
| CVE-2005-0294 | 1 Minis | 1 Minis | 2017-07-11 | 5.0 MEDIUM | N/A |
| minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter. | |||||
| CVE-2005-0295 | 1 Inca | 1 Nprotect Gameguard | 2017-07-11 | 4.6 MEDIUM | N/A |
| npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. | |||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2017-07-11 | 5.0 MEDIUM | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | |||||
| CVE-2004-2586 | 1 Smartertools | 1 Smartermail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | |||||
| CVE-2005-0299 | 1 Gforge | 1 Gforge | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php. | |||||
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | |||||
| CVE-2004-2584 | 1 Smartertools | 1 Smartermail | 2017-07-11 | 4.0 MEDIUM | N/A |
| frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte ("%00"). NOTE: it is not clear whether this issue poses a vulnerability. | |||||
| CVE-2004-2583 | 1 Smartertools | 1 Smartermail | 2017-07-11 | 7.8 HIGH | N/A |
| SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25. | |||||
| CVE-2004-2582 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2581 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." | |||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2017-07-11 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | |||||
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2017-07-11 | 7.5 HIGH | N/A |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | |||||
| CVE-2005-0300 | 1 Jsboard | 1 Jsboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. | |||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | |||||
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2017-07-11 | 5.0 MEDIUM | N/A |
| class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | |||||
| CVE-2005-0301 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | |||||
| CVE-2004-2572 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable. | |||||
