Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1227 | 1 Phprojekt | 1 Phprojekt | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. | |||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2017-07-11 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | |||||
| CVE-2005-1233 | 1 Php Labs | 1 Profile | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters. | |||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2017-07-11 | 7.5 HIGH | N/A |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | |||||
| CVE-2005-1239 | 1 Raz-lee | 1 Security\+\+\+ | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1240 | 1 Castlehill | 1 Secure Net | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." | |||||
| CVE-2005-1245 | 1 Mediawiki | 1 Mediawiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1270 | 1 Gentoo | 1 Rootkit Hunter | 2017-07-11 | 2.1 LOW | N/A |
| The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1282 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | |||||
| CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | |||||
| CVE-2005-1284 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | |||||
| CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. | |||||
| CVE-2005-1292 | 1 Elemental Software | 1 Cartwiz | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. | |||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | |||||
| CVE-2005-1323 | 1 Intersoft | 1 Netterm | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2005-1324 | 1 Matthieu Aubry | 1 Phpmyvisites | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters. | |||||
| CVE-2005-1347 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 2.6 LOW | N/A |
| ** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED. | |||||
| CVE-2005-1349 | 1 Perl | 1 Convert Uulib | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | |||||
| CVE-2005-1360 | 1 Graycms | 1 Graycms | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1361 | 1 Metalinks | 1 Metacart E-shop | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. | |||||
| CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | |||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2005-1371 | 1 Bulletproof | 1 Bulletproof Ftp Server | 2017-07-11 | 7.2 HIGH | N/A |
| BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | |||||
| CVE-2005-1372 | 1 Bakbone | 1 Netvault | 2017-07-11 | 4.6 MEDIUM | N/A |
| nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. | |||||
| CVE-2005-1373 | 1 Dream4 | 1 Koobi Cms | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | |||||
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | |||||
| CVE-2005-1375 | 1 Claroline | 1 Claroline | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | |||||
| CVE-2005-1376 | 1 Claroline | 1 Claroline | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | |||||
| CVE-2005-1377 | 1 Claroline | 1 Claroline | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors. | |||||
| CVE-2005-1378 | 1 Oxpus | 1 Phpbb Personal Notes Module | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors. | |||||
| CVE-2005-1380 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. | |||||
| CVE-2005-1381 | 1 Oracle | 1 Application Server Web Cache | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | |||||
| CVE-2005-1382 | 1 Oracle | 1 Application Server Web Cache | 2017-07-11 | 5.0 MEDIUM | N/A |
| The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | |||||
| CVE-2005-1383 | 1 Oracle | 1 Application Server | 2017-07-11 | 7.5 HIGH | N/A |
| The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | |||||
| CVE-2005-1384 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php. | |||||
| CVE-2005-1397 | 1 Php-calendar | 1 Php-calendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-1405 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 2.1 LOW | N/A |
| HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | |||||
| CVE-2005-1411 | 1 Cybration | 1 Icuii | 2017-07-11 | 4.6 MEDIUM | N/A |
| Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | |||||
| CVE-2005-1413 | 1 Envivosoft | 1 Envivo Cms | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | |||||
| CVE-2005-1414 | 1 Exoticsoft | 1 Filepocket | 2017-07-11 | 4.6 MEDIUM | N/A |
| ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-1418 | 1 Netleaf Limited | 1 Notjustbrowsing | 2017-07-11 | 4.6 MEDIUM | N/A |
| NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. | |||||
| CVE-2005-1424 | 1 Stumbleinside | 1 Gotext | 2017-07-11 | 2.1 LOW | N/A |
| StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information. | |||||
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2017-07-11 | 7.5 HIGH | N/A |
| Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | |||||
| CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2017-07-11 | 7.5 HIGH | N/A |
| edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | |||||
| CVE-2005-1441 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | |||||
| CVE-2005-1478 | 1 Netwin | 1 Dmail | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. | |||||