Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1099 | 1 Salim Gasmi | 1 Gld | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1100 | 1 Salim Gasmi | 1 Gld | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. | |||||
| CVE-2005-1101 | 1 Ibm | 1 Lotus Domino Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields. | |||||
| CVE-2005-1108 | 1 Junkbuster | 1 Internet Junkbuster | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. | |||||
| CVE-2005-1109 | 1 Junkbuster | 1 Internet Junkbuster | 2017-07-11 | 7.5 HIGH | N/A |
| The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. | |||||
| CVE-2005-1110 | 1 Sumus | 1 Sumus | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. | |||||
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | |||||
| CVE-2005-1113 | 1 Phpbb Group | 1 Phpbb Plus | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. | |||||
| CVE-2005-1114 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. | |||||
| CVE-2005-1495 | 1 Oracle | 3 Application Server, Oracle10g, Oracle9i | 2017-07-11 | 7.5 HIGH | N/A |
| Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection. | |||||
| CVE-2005-1496 | 1 Oracle | 2 Application Server, Oracle10g | 2017-07-11 | 4.6 MEDIUM | N/A |
| The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user. | |||||
| CVE-2005-1118 | 1 Rsa | 1 Authentication Agent For Web | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. | |||||
| CVE-2005-1120 | 1 Ilohamail | 1 Ilohamail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type. | |||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
| CVE-2005-1543 | 1 Novell | 5 Zenworks, Zenworks Desktops, Zenworks Remote Management and 2 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allows remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests. | |||||
| CVE-2005-1544 | 1 Libtiff | 1 Libtiff | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. | |||||
| CVE-2005-1127 | 1 Postgrey | 1 Postgrey | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | |||||
| CVE-2005-1129 | 1 Egroupware | 1 Egroupware | 2017-07-11 | 2.1 LOW | N/A |
| eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | |||||
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. | |||||
| CVE-2005-1132 | 1 Lg Electronics | 1 Lg Mobile Phone | 2017-07-11 | 5.0 MEDIUM | N/A |
| LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | |||||
| CVE-2005-1134 | 1 S9y | 1 Serendipity | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. | |||||
| CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145. | |||||
| CVE-2005-1147 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. | |||||
| CVE-2005-1148 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | |||||
| CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. | |||||
| CVE-2005-1165 | 1 Yager Development | 1 Yager Game | 2017-07-11 | 5.0 MEDIUM | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. | |||||
| CVE-2005-1176 | 1 Ibm | 1 Aix | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. | |||||
| CVE-2005-1171 | 1 Datenbank Module | 1 Datenbank Module | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1178 | 1 Oracle | 1 Forms | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature. | |||||
| CVE-2005-1179 | 1 Xerox | 19 Workcentre, Workcentre 165, Workcentre 175 and 16 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703. | |||||
| CVE-2005-1180 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter. | |||||
| CVE-2005-1181 | 1 Ariadne | 1 Ariadne Cms | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005. | |||||
| CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | |||||
| CVE-2005-1183 | 1 Mvnforum | 1 Mvnforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter. | |||||
| CVE-2005-1185 | 1 Musicmatch | 1 Jukebox | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe. | |||||
| CVE-2005-1186 | 1 Musicmatch | 1 Jukebox | 2017-07-11 | 6.8 MEDIUM | N/A |
| Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks. | |||||
| CVE-2005-1187 | 1 X-ways Software Technology Ag | 1 Winhex | 2017-07-11 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. | |||||
| CVE-2005-1188 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. | |||||
| CVE-2005-1189 | 1 Webcamxp | 1 Webcamxp Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. | |||||
| CVE-2005-1190 | 1 Webcamxp | 1 Webcamxp Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. | |||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | |||||
| CVE-2005-1195 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | |||||
| CVE-2005-1200 | 1 Azbb | 1 Az Bulletin Board | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1201 | 1 Azbb | 1 Az Bulletin Board | 2017-07-11 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist. | |||||
| CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2017-07-11 | 7.5 HIGH | N/A |
| Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | |||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-1222 | 1 Netref | 1 Netref | 2017-07-11 | 7.5 HIGH | N/A |
| cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | |||||
| CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | |||||
| CVE-2005-1225 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | |||||
| CVE-2005-1226 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | |||||