Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0722 | 1 Experience2 | 1 Experience2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message. | |||||
| CVE-2005-0804 | 1 Mailenable | 1 Mailenable Standard | 2016-10-18 | 5.0 MEDIUM | N/A |
| Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field. | |||||
| CVE-2005-0768 | 1 Goodtech Systems | 1 Goodtech Telnet Server | 2016-10-18 | 10.0 HIGH | N/A |
| Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380. | |||||
| CVE-2005-0780 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 5.0 MEDIUM | N/A |
| paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0829 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters. | |||||
| CVE-2005-0770 | 1 Datarescue | 1 Ida Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name. | |||||
| CVE-2005-0724 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 5.0 MEDIUM | N/A |
| paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0754 | 5 Conectiva, Gentoo, Kde and 2 more | 6 Linux, Linux, Kde and 3 more | 2016-10-18 | 7.5 HIGH | N/A |
| Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0784 | 1 Phorum | 1 Phorum | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel. | |||||
| CVE-2005-0783 | 1 Phorum | 1 Phorum | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. | |||||
| CVE-2005-0614 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | |||||
| CVE-2005-0645 | 1 Cutephp | 1 Cutenews | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php. | |||||
| CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | |||||
| CVE-2005-0647 | 1 Php Arena | 1 Panews | 2016-10-18 | 5.0 MEDIUM | N/A |
| admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | |||||
| CVE-2005-0616 | 1 Postnuke Software Foundation | 1 Postnuke Phoenix | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. | |||||
| CVE-2005-0604 | 1 Gfi | 1 Languard Network Security Scanner | 2016-10-18 | 4.6 MEDIUM | N/A |
| lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. | |||||
| CVE-2005-0623 | 1 Raidenhttpd | 1 Raidenhttpd | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2005-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | |||||
| CVE-2005-0621 | 1 Enlight Software | 1 Scrapland | 2016-10-18 | 5.0 MEDIUM | N/A |
| Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets. | |||||
| CVE-2005-0615 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | |||||
| CVE-2005-0628 | 1 Demof | 1 Forumwa | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message. | |||||
| CVE-2005-0646 | 1 Php Arena | 1 Panews | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | |||||
| CVE-2005-0632 | 1 Phpnews | 1 Phpnews | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-0617 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | |||||
| CVE-2005-0633 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. | |||||
| CVE-2005-0658 | 1 Cmw Linklist | 1 Cmw Linklist | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | |||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
| CVE-2005-0690 | 1 Gene6 | 1 G6 Ftp Server | 2016-10-18 | 2.1 LOW | N/A |
| Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. | |||||
| CVE-2005-0689 | 1 Jimmy | 1 The Includer | 2016-10-18 | 7.5 HIGH | N/A |
| includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter. | |||||
| CVE-2005-0678 | 1 Stadtaus | 1 Form Mail Script | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0680 | 1 Stadtaus | 1 Download Center Lite | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0656 | 1 Arif Supriyanto | 1 Auracms | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. | |||||
| CVE-2005-0674 | 1 Php Arena | 1 Pabox | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request. | |||||
| CVE-2005-0659 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0721 | 1 Gamearena | 1 Experience2 | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0691 | 1 Socialmpn | 1 Socialmpn | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0695 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-18 | 5.0 MEDIUM | N/A |
| The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | |||||
| CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-18 | 5.0 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | |||||
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. | |||||
| CVE-2005-0655 | 1 Arif Supriyanto | 1 Auracms | 2016-10-18 | 5.0 MEDIUM | N/A |
| auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0513 | 1 Pmachine | 1 Pmachine Pro | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. | |||||
| CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
| CVE-2005-0602 | 1 Info-zip | 1 Unzip | 2016-10-18 | 6.2 MEDIUM | N/A |
| Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | |||||
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | |||||
| CVE-2005-0549 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function. | |||||
| CVE-2005-0542 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 4.6 MEDIUM | N/A |
| saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true. | |||||
| CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 7.5 HIGH | N/A |
| consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
| CVE-2005-0568 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. | |||||
| CVE-2005-0537 | 1 Igeneric | 1 Free Shopping Cart | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | |||||
| CVE-2005-0526 | 1 Pblang | 1 Pblang | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | |||||