Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0950 | 1 Faststone | 1 4in1 Browser | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows remote attackers to read arbitrary files via a (1) ... (triple dot) or (2) ..\ (dot dot backslash) in the URL. | |||||
| CVE-2005-0957 | 1 Bay Technical Associates | 1 Rpc3 Telnet | 2017-07-11 | 7.5 HIGH | N/A |
| Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote attackers to bypass authentication by pressing the escape and enter keys at the username prompt. | |||||
| CVE-2005-0962 | 1 Lighthouse Development | 1 Squirrelcart | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action. | |||||
| CVE-2005-0963 | 1 Toshiba | 1 Acpi Flash Bios | 2017-07-11 | 2.1 LOW | N/A |
| An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed. NOTE: it has been debated as to whether or not this issue poses a security vulnerability, since administrative privileges would be required, and other DoS attacks are possible with such privileges. | |||||
| CVE-2005-0964 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions. | |||||
| CVE-2005-0975 | 2 Apple, Opendarwin | 3 Mac Os X, Mac Os X Server, Darwin Kernel | 2017-07-11 | 2.1 LOW | N/A |
| Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header. | |||||
| CVE-2005-0978 | 1 Ivt | 1 Bluesoleil | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command. | |||||
| CVE-2005-0979 | 1 Netmanage | 1 Rumba | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field. | |||||
| CVE-2005-0992 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter. | |||||
| CVE-2005-1000 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.php, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module. | |||||
| CVE-2005-1001 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. | |||||
| CVE-2005-1003 | 1 Profitcode | 1 Payprocart | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter. | |||||
| CVE-2005-1004 | 1 Profitcode | 1 Payprocart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter. | |||||
| CVE-2005-1007 | 1 Stalker | 1 Communigate Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages. | |||||
| CVE-2005-1009 | 1 Bakbone | 1 Netvault | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file. | |||||
| CVE-2005-1010 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username. | |||||
| CVE-2005-1012 | 1 Iatek | 1 Siteenable | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description. | |||||
| CVE-2005-1016 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL. | |||||
| CVE-2005-1019 | 1 Aeon | 1 Aeon | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | |||||
| CVE-2005-1024 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | |||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | |||||
| CVE-2005-1162 | 1 Oneworldstore | 1 Oneworldstore | 2017-07-11 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp. | |||||
| CVE-2005-1045 | 1 Centrinity | 1 Centrinity Firstclass Desktop Client | 2017-07-11 | 7.5 HIGH | N/A |
| OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. | |||||
| CVE-2005-1048 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. | |||||
| CVE-2005-1050 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | |||||
| CVE-2005-1052 | 1 Microsoft | 2 Outlook, Outlook Web Access | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | |||||
| CVE-2005-1053 | 1 Moderngigabyte | 1 Modernbill | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. | |||||
| CVE-2005-1054 | 1 Moderngigabyte | 1 Modernbill | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2017-07-11 | 7.5 HIGH | N/A |
| TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | |||||
| CVE-2005-1056 | 1 Hp | 1 Openview Network Node Manager | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP OpenView Network Node Manager (NNM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. | |||||
| CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2017-07-11 | 2.1 LOW | N/A |
| Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | |||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | |||||
| CVE-2005-1164 | 1 Yager Development | 1 Yager Game | 2017-07-11 | 5.0 MEDIUM | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length. | |||||
| CVE-2005-1068 | 1 Scssboard | 1 Scssboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags. | |||||
| CVE-2005-1069 | 1 Scssboard | 1 Scssboard | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." | |||||
| CVE-2005-1070 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. | |||||
| CVE-2005-1073 | 1 Radscripts | 1 Radbids | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. | |||||
| CVE-2005-1074 | 1 Radscripts | 1 Radbids | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | |||||
| CVE-2005-1075 | 1 Radscripts | 1 Radbids | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php. | |||||
| CVE-2005-1081 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1086 | 1 An | 1 An-httpd | 2017-07-11 | 6.4 MEDIUM | N/A |
| Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header. | |||||
| CVE-2005-1087 | 1 An | 1 An-httpd | 2017-07-11 | 6.4 MEDIUM | N/A |
| CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | |||||
| CVE-2005-1088 | 1 Dameware Development | 2 Mini Remote Control, Nt Utilities | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. | |||||
| CVE-2005-1090 | 1 Maxthon | 1 Maxthon | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. | |||||
| CVE-2005-1093 | 1 Popup Plus Plugin | 1 Popup Plus Plugin For Miranda Im | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2017-07-11 | 4.6 MEDIUM | N/A |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
| CVE-2005-1095 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-1096 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | |||||
| CVE-2005-1098 | 1 Runtime Software | 1 Getdataback For Ntfs | 2017-07-11 | 2.1 LOW | N/A |
| GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. | |||||
