Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1018 | 1 Ca | 1 Brightstor Arcserve Backup | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. | |||||
| CVE-2005-0955 | 1 Interakt | 1 Mx Shop | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter. | |||||
| CVE-2005-0999 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. | |||||
| CVE-2005-1026 | 2 Dlman Pro, Linkz Pro | 2 Dlman Pro, Linkz Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro). | |||||
| CVE-2005-1025 | 1 Ibm | 1 Iseries As 400 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library. | |||||
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | |||||
| CVE-2005-1002 | 1 Logics Software | 1 Log-ft | 2016-10-18 | 5.0 MEDIUM | N/A |
| logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters. | |||||
| CVE-2005-0983 | 4 Activision, Id Software, Lucasarts and 1 more | 10 Call Of Duty, Call Of Duty United Offensive, Return To Castle Wolfenstein and 7 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | |||||
| CVE-2005-1022 | 1 Macromedia | 1 Coldfusion | 2016-10-18 | 5.0 MEDIUM | N/A |
| ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1051 | 1 Punbb | 1 Punbb | 2016-10-18 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action. | |||||
| CVE-2005-0993 | 1 Sco | 1 Openserver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-0997 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. | |||||
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | |||||
| CVE-2005-0998 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | |||||
| CVE-2005-0929 | 1 Photopost | 1 Photopost Php Pro | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php. | |||||
| CVE-2005-0928 | 1 Photopost | 1 Photopost Php Pro | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php. | |||||
| CVE-2005-0935 | 1 Esmi | 1 Paypal Storefront | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php. | |||||
| CVE-2005-0902 | 1 Nukebookmarks | 1 Nukebookmarks | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-0909 | 1 Tkais Shoutbox | 1 Tkais Shoutbox | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter. | |||||
| CVE-2005-0936 | 1 Esmi | 1 Paypal Storefront | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-0868 | 4 Bosanova, Ibm, Mochasoft and 1 more | 4 Launcher400, Client Access, Tn5250 and 1 more | 2016-10-18 | 7.5 HIGH | N/A |
| AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC. | |||||
| CVE-2005-0874 | 1 Cerulean Studios | 1 Trillian | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||||
| CVE-2005-0903 | 1 Apple | 1 Quicktime Pictureviewer | 2016-10-18 | 2.6 LOW | N/A |
| Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data. | |||||
| CVE-2005-0938 | 1 Uapplication | 1 Ublog Reload | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb. | |||||
| CVE-2005-0899 | 1 Ibm | 1 Os 400 | 2016-10-18 | 2.1 LOW | N/A |
| AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search. | |||||
| CVE-2005-0895 | 1 Netcomm | 1 Nb1300 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets. | |||||
| CVE-2005-0905 | 1 Maxthon | 1 Maxthon | 2016-10-18 | 2.6 LOW | N/A |
| Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property. | |||||
| CVE-2005-0875 | 1 Cerulean Studios | 1 Trillian | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header. | |||||
| CVE-2005-0946 | 1 Coinsoft Technologies | 1 Phpcoin | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page. | |||||
| CVE-2005-0894 | 1 Openmosixview | 1 Openmosixview | 2016-10-18 | 3.6 LOW | N/A |
| OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. | |||||
| CVE-2005-0892 | 1 Smail | 1 Smail | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands. | |||||
| CVE-2005-0836 | 1 Sun | 1 J2se | 2016-10-18 | 10.0 HIGH | N/A |
| Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file. | |||||
| CVE-2005-0893 | 1 Smail | 1 Smail | 2016-10-18 | 7.6 HIGH | N/A |
| modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. | |||||
| CVE-2005-0846 | 1 Netwin | 1 Surgemail | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field. | |||||
| CVE-2005-0873 | 1 Oracle | 1 10g Reports Server | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. | |||||
| CVE-2005-0842 | 1 Kayako | 1 Esupport | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter. | |||||
| CVE-2005-0898 | 1 Magicscripts | 1 E-store Kit-2 | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter. | |||||
| CVE-2005-0843 | 1 Phorum | 1 Phorum | 2016-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. | |||||
| CVE-2005-0900 | 1 Nukebookmarks | 1 Nukebookmarks | 2016-10-18 | 5.0 MEDIUM | N/A |
| marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message. | |||||
| CVE-2005-0897 | 1 Magicscripts | 1 E-store Kit-2 | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0845 | 1 Netwin | 1 Surgemail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter. | |||||
| CVE-2005-0925 | 1 Uapplication | 1 Ublog Reload | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2005-0901 | 1 Nukebookmarks | 1 Nukebookmarks | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter. | |||||
| CVE-2005-0726 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter. | |||||
| CVE-2005-0793 | 1 Zpanel | 1 Zpanel | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter. | |||||
| CVE-2005-0796 | 1 Hola | 1 Holacms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory. | |||||
| CVE-2005-0798 | 1 Novell | 1 Ichain | 2016-10-18 | 7.5 HIGH | N/A |
| Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks. | |||||
| CVE-2005-0801 | 1 Includer.cgi | 1 Includer.cgi | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL. | |||||
| CVE-2005-0723 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php. | |||||
