Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2185 | 1 Emc | 1 Eroom | 2016-10-18 | 7.5 HIGH | N/A |
| eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks. | |||||
| CVE-2005-2186 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 1.9 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in McAfee IntruShield Security Management System allow remote authenticated users to inject arbitrary web script or HTML via the (1) thirdMenuName or (2) resourceName parameter to SystemEvent.jsp. | |||||
| CVE-2005-2187 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 4.6 MEDIUM | N/A |
| McAfee IntruShield Security Management System allows remote authenticated users to access the "Generate Reports" feature and modify alerts by setting the Access option to true, as demonstrated using the (1) fullAccess or (2) fullAccessRight parameter in reports-column-center.jsp, or (3) fullAccess parameter to SystemEvent.jsp. | |||||
| CVE-2005-2188 | 1 Mcafee | 1 Intrushield Security Management System | 2016-10-18 | 7.5 HIGH | N/A |
| McAfee IntruShield Security Management System obtains the user ID from the URL, which allows remote attackers to guess the Manager account and possibly gain privileges via a brute force attack. | |||||
| CVE-2005-2189 | 1 Lantronix | 1 Securelinx | 2016-10-18 | 5.0 MEDIUM | N/A |
| Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys. | |||||
| CVE-2005-2197 | 1 Id Board | 1 Id Board | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php. | |||||
| CVE-2005-2220 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem. | |||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2016-10-18 | 7.2 HIGH | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | |||||
| CVE-2005-2229 | 1 Blog Torrent | 1 Blog Torrent | 2016-10-18 | 7.5 HIGH | N/A |
| Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | |||||
| CVE-2005-2257 | 1 Phpslash | 1 Phpslash | 2016-10-18 | 10.0 HIGH | N/A |
| The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | |||||
| CVE-2005-2278 | 1 Mailenable | 1 Mailenable Professional | 2016-10-18 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. | |||||
| CVE-2005-2287 | 1 Softiacom | 1 Wmailserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow. | |||||
| CVE-2005-2190 | 1 Comersus Open Technologies | 1 Comersus Cart | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Comersus shopping cart allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to comersus_optAffiliateRegistrationExec.asp or (2) idProduct parameter to comersus_optReviewReadExec.asp. | |||||
| CVE-2005-2191 | 1 Comersus Open Technologies | 1 Comersus Cart | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Comersus shopping cart allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to comersus_backoffice_listAssignedPricesToCustomer.asp or (2) message parameter to comersus_backoffice_message.asp. | |||||
| CVE-2005-2107 | 1 Wordpress | 1 Wordpress | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. | |||||
| CVE-2005-2108 | 1 Wordpress | 1 Wordpress | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | |||||
| CVE-2005-2109 | 1 Wordpress | 1 Wordpress | 2016-10-18 | 5.0 MEDIUM | N/A |
| wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | |||||
| CVE-2005-2192 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-18 | 5.0 MEDIUM | N/A |
| SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. | |||||
| CVE-2005-2193 | 1 Punbb | 1 Punbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | |||||
| CVE-2005-2111 | 1 Community Link Pro Web Editor | 1 Community Link Pro Web Editor | 2016-10-18 | 7.5 HIGH | N/A |
| login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | |||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | |||||
| CVE-2005-2113 | 1 Xoops | 1 Xoops | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | |||||
| CVE-2005-2115 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | |||||
| CVE-2005-2132 | 1 Sco | 1 Unixware | 2016-10-18 | 2.1 LOW | N/A |
| RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests. | |||||
| CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
| CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | |||||
| CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2016-10-18 | 5.0 MEDIUM | N/A |
| im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | |||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2016-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | |||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||||
| CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | |||||
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.6 MEDIUM | N/A |
| The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | |||||
| CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2005-2063 | 1 Active Web Softwares | 1 Activebuyandsell | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp. | |||||
| CVE-2005-2064 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp. | |||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 5.0 MEDIUM | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
| CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2106 | 1 Drupal | 1 Drupal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | |||||
| CVE-2005-2012 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | |||||
| CVE-2005-2049 | 1 Duware | 1 Duclassmate | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | |||||
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | |||||
| CVE-2005-2009 | 1 Ublog | 1 Reload | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | |||||
| CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | |||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | |||||
| CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | |||||
| CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | |||||
