Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2011 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. | |||||
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | |||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
| CVE-2005-1851 | 1 Ekg | 1 Ekg | 2016-10-18 | 10.0 HIGH | N/A |
| A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | |||||
| CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | |||||
| CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2016-10-18 | 2.1 LOW | N/A |
| xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. | |||||
| CVE-2005-1945 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. | |||||
| CVE-2005-1946 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | |||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
| CVE-2005-1947 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | |||||
| CVE-2005-1948 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. | |||||
| CVE-2005-1949 | 1 E107 | 1 E107 | 2016-10-18 | 7.5 HIGH | N/A |
| The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. | |||||
| CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2016-10-18 | 7.5 HIGH | N/A |
| hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2005-1966 | 1 E107 | 1 E107 | 2016-10-18 | 7.5 HIGH | N/A |
| The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. | |||||
| CVE-2005-1891 | 1 Aol | 1 Instant Messenger | 2016-10-18 | 5.0 MEDIUM | N/A |
| The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | |||||
| CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | |||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1871 | 1 Drupal | 1 Drupal | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." | |||||
| CVE-2005-1870 | 1 Popper | 1 Popper | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. | |||||
| CVE-2005-1899 | 1 Rakkarsoft | 1 Raknet | 2016-10-18 | 5.0 MEDIUM | N/A |
| Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet. | |||||
| CVE-2005-1973 | 1 Sun | 1 J2se | 2016-10-18 | 5.1 MEDIUM | N/A |
| Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges. | |||||
| CVE-2005-1954 | 1 Singapore | 1 Singapore | 2016-10-18 | 5.0 MEDIUM | N/A |
| singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message. | |||||
| CVE-2005-1997 | 1 Mcgallery | 1 Mcgallery | 2016-10-18 | 5.0 MEDIUM | N/A |
| show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. | |||||
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2005-1999 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php). | |||||
| CVE-2005-2000 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. | |||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | |||||
| CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2016-10-18 | 5.0 MEDIUM | N/A |
| File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. | |||||
| CVE-2005-1905 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2016-10-18 | 7.2 HIGH | N/A |
| The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs. | |||||
| CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | |||||
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2016-10-18 | 4.6 MEDIUM | N/A |
| Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | |||||
| CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2005-1850 | 1 Ekg | 1 Ekg | 2016-10-18 | 10.0 HIGH | N/A |
| Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | |||||
| CVE-2005-1955 | 1 Singapore | 1 Singapore | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | |||||
| CVE-2005-1952 | 1 Pico Server | 1 Pico Server | 2016-10-18 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count. | |||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | |||||
| CVE-2005-1916 | 1 Ekg | 1 Ekg | 2016-10-18 | 2.1 LOW | N/A |
| linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | |||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | |||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | |||||
| CVE-2005-1834 | 1 Nextweb | 1 Nextweb \(i\)site | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | |||||
| CVE-2005-1702 | 1 Black Cactus | 2 Warrior Kings, Warrior Kings Battles | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname. | |||||
| CVE-2005-1774 | 1 Davfs2 | 1 Davfs2 | 2016-10-18 | 2.1 LOW | N/A |
| WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem. | |||||
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-1827 | 1 D-link | 1 Dsl-504t | 2016-10-18 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2005-1806 | 1 Peercast | 1 Peercast | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL. | |||||