Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1288 | 1 Asp Press | 1 Acs Blog | 2016-10-18 | 7.5 HIGH | N/A |
| inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. | |||||
| CVE-2005-1202 | 1 Egroupware | 1 Egroupware | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter. | |||||
| CVE-2005-1199 | 1 Infopop | 1 Ultimate Bulletin Board | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter. | |||||
| CVE-2005-1301 | 1 Nprotect | 1 Netizen | 2016-10-18 | 2.6 LOW | N/A |
| nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. | |||||
| CVE-2005-1198 | 1 Anaconda Partners | 1 Foundation Directory | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter. | |||||
| CVE-2005-1289 | 1 E-cart | 1 E-cart | 2016-10-18 | 7.5 HIGH | N/A |
| index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. | |||||
| CVE-2005-1302 | 1 Swsoft | 1 Confixx | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. | |||||
| CVE-2005-1298 | 1 Inserter.cgi | 1 Inserter.cgi | 2016-10-18 | 7.5 HIGH | N/A |
| The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2005-1300 | 1 Inserter.cgi | 1 Inserter.cgi | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | |||||
| CVE-2005-1290 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. | |||||
| CVE-2005-1305 | 1 Hyper.cgi | 1 Hyper.cgi | 2016-10-18 | 5.0 MEDIUM | N/A |
| The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2005-1293 | 1 Storeportal | 1 Storeportal | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. | |||||
| CVE-2005-1197 | 1 Oracle | 1 Database Server | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter. | |||||
| CVE-2005-1294 | 1 Nokia | 1 Affix | 2016-10-18 | 7.2 HIGH | N/A |
| The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | |||||
| CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2016-10-18 | 5.0 MEDIUM | N/A |
| set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | |||||
| CVE-2005-1295 | 1 Include.cgi | 1 Include.cgi | 2016-10-18 | 7.5 HIGH | N/A |
| include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2005-1286 | 1 Softwin | 1 Bitdefender Antivirus | 2016-10-18 | 1.2 LOW | N/A |
| Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. | |||||
| CVE-2005-1299 | 1 Inserter.cgi | 1 Inserter.cgi | 2016-10-18 | 10.0 HIGH | N/A |
| The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2005-1136 | 1 Sphpblog | 1 Sphpblog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | |||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | |||||
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | |||||
| CVE-2005-1106 | 1 Apple | 1 Quicktime Pictureviewer | 2016-10-18 | 5.0 MEDIUM | N/A |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. | |||||
| CVE-2005-1105 | 1 Sun | 1 Javamail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. | |||||
| CVE-2005-1104 | 1 Centra | 1 Centra | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. | |||||
| CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2016-10-18 | 4.6 MEDIUM | N/A |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | |||||
| CVE-2005-1102 | 1 Wordpress | 1 Wordpress | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. | |||||
| CVE-2005-1079 | 1 Mike De Boer | 1 Zoom Media Gallery | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2005-1078 | 1 Xampp | 1 Apache Distribution | 2016-10-18 | 7.5 HIGH | N/A |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. | |||||
| CVE-2005-1077 | 1 Xampp | 1 Apache Distribution | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. | |||||
| CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2005-1173 | 1 Pmsoftware | 1 Simple Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2005-1172 | 1 Coppermine | 1 Coppermine Photo Gallery | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. | |||||
| CVE-2005-1170 | 1 Datenbank Module | 1 Datenbank Module | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1169 | 1 Mafia | 1 Mafia Blog | 2016-10-18 | 7.5 HIGH | N/A |
| Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php. | |||||
| CVE-2005-1168 | 1 Musicmatch | 1 Jukebox | 2016-10-18 | 5.0 MEDIUM | N/A |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. | |||||
| CVE-2005-1167 | 1 Musicmatch | 1 Jukebox | 2016-10-18 | 2.1 LOW | N/A |
| Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-1166 | 1 Dameware Development | 2 Dameware Nt Utilities, Miniremote Control | 2016-10-18 | 2.1 LOW | N/A |
| The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | |||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values. | |||||
| CVE-2005-1141 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-18 | 7.5 HIGH | N/A |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2016-10-18 | 4.6 MEDIUM | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | |||||
| CVE-2005-1033 | 1 Devellion | 1 Cubecart | 2016-10-18 | 5.0 MEDIUM | N/A |
| CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0956 | 1 Interakt | 1 Mx Kart | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | |||||
| CVE-2005-0982 | 1 Yet Another Forum.net | 1 Yet Another Forum.net | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. | |||||
| CVE-2005-0984 | 1 Lucasarts | 1 Star Wars Jedi Knight Jedi Academy | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell. | |||||
| CVE-2005-1047 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| Meilad File upload script (up.php) mod for phpBB 2.0.x does not properly limit the types of files that can be uploaded, which allows remote authenticated users to execute arbitrary commands by uploading PHP files, then directly requesting them from the uploads directory. | |||||