Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2005-0786 | 1 Simpgb | 1 Simpgb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | |||||
| CVE-2005-0787 | 1 Wine | 1 Wine | 2017-07-11 | 2.1 LOW | N/A |
| Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | |||||
| CVE-2005-0788 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | |||||
| CVE-2005-0841 | 1 Phpmyfamily | 1 Phpmyfamily | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field. | |||||
| CVE-2005-0789 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. | |||||
| CVE-2005-0790 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0791 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. | |||||
| CVE-2005-0792 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. | |||||
| CVE-2005-0794 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 6.4 MEDIUM | N/A |
| ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. | |||||
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2017-07-11 | 5.0 MEDIUM | N/A |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | |||||
| CVE-2005-0802 | 1 Asp Press | 1 Acs Blog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-0807 | 1 Oxid | 1 Cain And Abel | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | |||||
| CVE-2005-0848 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | |||||
| CVE-2005-0823 | 1 Thepoolclub | 2 Ipool, Isnooker | 2017-07-11 | 4.6 MEDIUM | N/A |
| ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. | |||||
| CVE-2005-0826 | 1 Ollydbg | 1 Ollydbg | 2017-07-11 | 5.0 MEDIUM | N/A |
| OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | |||||
| CVE-2005-0827 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. | |||||
| CVE-2005-0828 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php. | |||||
| CVE-2005-0837 | 1 Icecast | 1 Icecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | |||||
| CVE-2005-0838 | 1 Icecast | 1 Icecast | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. | |||||
| CVE-2005-0854 | 1 Betaparticle | 1 Betaparticle Blog | 2017-07-11 | 7.5 HIGH | N/A |
| betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | |||||
| CVE-2005-0857 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. | |||||
| CVE-2005-0919 | 1 Adventia | 2 Adventia Chat, Adventia Server Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. | |||||
| CVE-2005-0858 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | |||||
| CVE-2005-0861 | 1 Delegate | 1 Delegate | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." | |||||
| CVE-2005-0863 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. | |||||
| CVE-2005-0869 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0870 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. | |||||
| CVE-2005-0871 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | |||||
| CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2005-0876 | 1 Dnsmasq | 1 Dnsmasq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. | |||||
| CVE-2005-0877 | 1 Dnsmasq | 1 Dnsmasq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | |||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | |||||
| CVE-2005-0879 | 1 Vortex Portal | 1 Vortex Portal | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. | |||||
| CVE-2005-0880 | 1 Vortex Portal | 1 Vortex Portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-0881 | 1 Interspire | 1 Articlelive | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter. | |||||
| CVE-2005-0882 | 1 Birdblog | 1 Birdblog | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. | |||||
| CVE-2005-0883 | 1 Digitalhive | 1 Digitalhive | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in base.php for DigitalHive 2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the mt parameter to the membres.php page or (2) the -afs-1- query string to the msg.php page. | |||||
| CVE-2005-0884 | 1 Digitalhive | 1 Digitalhive | 2017-07-11 | 7.5 HIGH | N/A |
| DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script. | |||||
| CVE-2005-0887 | 1 Michael Dean | 1 Double Choco Latte | 2017-07-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Double Choco Latte before 0.9.4.3 allows remote attackers to execute arbitrary PHP code via the menuAction variable in (1) functions.inc.php or (2) main.php, which causes code to be injected into an eval statement. | |||||
| CVE-2005-0888 | 1 Michael Dean | 1 Double Choco Latte | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name. | |||||
| CVE-2005-0924 | 1 Adventia | 1 E-data | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword. | |||||
| CVE-2005-0913 | 1 Smarty | 1 Smarty | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code. | |||||
| CVE-2005-0945 | 1 Asp Press | 1 Acs Blog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags. | |||||
| CVE-2005-0947 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the page parameter. | |||||
| CVE-2005-0948 | 1 Iatek | 1 Portalapp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter. | |||||
| CVE-2005-0949 | 1 Iatek | 1 Portalapp | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter. | |||||