Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2571 | 1 Enderunix | 1 Isoqlog | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) parseSendmailFromBytesLine, (5) parseSendmailToLine, (6) parseEximFromBytesLine, and (7) parseEximToLine functions in Parser.c; allow local users to execute arbitrary code via the (8) lowercase and (9) check_syslog_date functions in Parser.c, and (10) unspecified functions in Dir.c; and allow unspecified attackers to execute arbitrary code via the (11) loadconfig and (12) removespaces functions in loadconfig.c, the (13) loadLang function in LangCfg.c, and (14) unspecified functions in Html.c. | |||||
| CVE-2004-2569 | 1 David Stes | 1 Ipmenu | 2017-07-11 | 2.1 LOW | N/A |
| ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file. | |||||
| CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | |||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | |||||
| CVE-2005-0305 | 1 Siteman | 1 Siteman | 2017-07-11 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. | |||||
| CVE-2004-2567 | 1 Recipants | 1 Recipants | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields. | |||||
| CVE-2004-2566 | 1 Liveworld | 4 Livechat, Livefocusgroup, Liveforum and 1 more | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa. | |||||
| CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | |||||
| CVE-2004-2565 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp. | |||||
| CVE-2004-2564 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp. | |||||
| CVE-2004-2563 | 1 Serena Software | 1 Serena Teamtrack | 2017-07-11 | 5.8 MEDIUM | N/A |
| Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters. | |||||
| CVE-2004-2562 | 1 Leigh Business Enterprises | 1 Web Helpdesk | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-0631 | 1 Pblang | 1 Pblang | 2017-07-11 | 2.1 LOW | N/A |
| delpm.php in PBLang 4.63 allows remote authenticated users to delete arbitrary PM files by modifying the "id" and "a" parameters. | |||||
| CVE-2004-2561 | 1 Internet Software Sciences | 1 Web+center | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp. | |||||
| CVE-2004-2560 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-11 | 7.5 HIGH | N/A |
| DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate extension such as ".php" or ".cgi". | |||||
| CVE-2004-2559 | 1 Andreas Gohr | 1 Dokuwiki | 2017-07-11 | 7.5 HIGH | N/A |
| DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks. | |||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | |||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | |||||
| CVE-2005-0309 | 1 Exponent | 1 Exponent | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2005-0310 | 1 Exponent | 1 Exponent | 2017-07-11 | 5.0 MEDIUM | N/A |
| Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. | |||||
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | |||||
| CVE-2005-0312 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2017-07-11 | 2.1 LOW | N/A |
| WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. | |||||
| CVE-2005-0630 | 1 Pblang | 1 Pblang | 2017-07-11 | 2.1 LOW | N/A |
| sendpm.php in PBLang 4.63 allows remote authenticated users to read arbitrary files via a full pathname in the orig parameter. | |||||
| CVE-2005-0629 | 1 427bb | 1 Fourtwosevenbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters. | |||||
| CVE-2005-0313 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE. | |||||
| CVE-2005-0314 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. | |||||
| CVE-2005-0651 | 1 Projectbb | 1 Projectbb | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section. | |||||
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | |||||
| CVE-2005-0650 | 1 Projectbb | 1 Projectbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. | |||||
| CVE-2005-0316 | 1 Webwasher | 1 Webwasher Classic | 2017-07-11 | 7.5 HIGH | N/A |
| WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-0317 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2005-0319 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | |||||
| CVE-2005-0320 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. | |||||
| CVE-2005-0321 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 2.1 LOW | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. | |||||
| CVE-2005-0322 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 7.2 HIGH | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. | |||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2005-0324 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. | |||||
| CVE-2005-0325 | 1 Techland | 1 Xpand Rally | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations. | |||||
| CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 5.0 MEDIUM | N/A |
| pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | |||||
| CVE-2005-0327 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php. | |||||
| CVE-2005-0328 | 2 Netgear, Zyxel | 3 Rt311, Rt314, Prestige | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | |||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. | |||||
| CVE-2005-0330 | 1 People Can Fly | 1 Painkiller | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash. | |||||
| CVE-2005-0725 | 1 Wf-sections | 1 Wf-sections | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php. | |||||
| CVE-2005-0331 | 1 Rarlab | 1 Winrar | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. | |||||
| CVE-2005-0332 | 1 Ventia | 1 Desknow Mail And Collaboration Server | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do. | |||||
| CVE-2005-0333 | 1 Lanchat Pro Revival | 1 Lanchat Pro Revival | 2017-07-11 | 5.0 MEDIUM | N/A |
| LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet. | |||||
| CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | |||||
| CVE-2005-0335 | 1 Emotion | 1 Mediapartner Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2005-0336 | 1 Emotion | 1 Mediapartner Web Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML. | |||||
