Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0270 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php. | |||||
| CVE-2005-0271 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | |||||
| CVE-2005-0272 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. | |||||
| CVE-2005-0273 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. | |||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | |||||
| CVE-2005-0275 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | |||||
| CVE-2005-0276 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | |||||
| CVE-2005-0277 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls. | |||||
| CVE-2005-0278 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. | |||||
| CVE-2005-0279 | 1 Jowood Productions | 1 Soldner Secret Wars | 2017-07-11 | 5.0 MEDIUM | N/A |
| Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet. | |||||
| CVE-2005-0280 | 1 Jowood Productions | 1 Soldner Secret Wars | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message. | |||||
| CVE-2005-0281 | 1 Jowood Productions | 1 Soldner Secret Wars | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs. | |||||
| CVE-2005-0282 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2005-0303 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2005-0283 | 1 David Barrett | 1 Qwikiwiki | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter. | |||||
| CVE-2005-0284 | 1 Woltlab | 1 Burning Book | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | |||||
| CVE-2005-0471 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | |||||
| CVE-2005-0434 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | |||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2017-07-11 | 5.0 MEDIUM | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
| CVE-2005-0566 | 1 Kmint21 Software | 1 Golden Ftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command. | |||||
| CVE-2005-0567 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1177 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | |||||
| CVE-2005-1005 | 1 Profitcode | 1 Payprocart | 2017-07-11 | 7.5 HIGH | N/A |
| ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter. | |||||
| CVE-2005-0637 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | |||||
| CVE-2005-0652 | 1 Hp | 1 Openvms | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | |||||
| CVE-2005-0657 | 1 Computalynx | 1 Cproxy | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP request. | |||||
| CVE-2005-0663 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | |||||
| CVE-2005-0669 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. | |||||
| CVE-2005-0670 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. | |||||
| CVE-2005-1391 | 1 Apsis | 1 Pound | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | |||||
| CVE-2005-0681 | 1 Nokia | 1 Series | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | |||||
| CVE-2005-0685 | 1 Outstart | 1 Participate Enterprise | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands. | |||||
| CVE-2005-0707 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. | |||||
| CVE-2005-0719 | 1 Hp | 1 Tru64 | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. | |||||
| CVE-2005-0729 | 1 Techland | 1 Xpand Rally | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
| CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | |||||
| CVE-2005-0731 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. | |||||
| CVE-2005-0732 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message. | |||||
| CVE-2005-0733 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not. | |||||
| CVE-2005-0734 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests. | |||||
| CVE-2005-0743 | 1 Xoops | 1 Xoops | 2017-07-11 | 7.5 HIGH | N/A |
| The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | |||||
| CVE-2005-0744 | 1 Novell | 1 Ichain | 2017-07-11 | 10.0 HIGH | N/A |
| The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. | |||||
| CVE-2005-0746 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | |||||
| CVE-2005-0774 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | |||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | |||||
| CVE-2005-0777 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. | |||||
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary JavaScript by uploading non-image files with an image extension such as .gif. | |||||
| CVE-2005-0781 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | |||||
