Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4054 | 1 Pluggedout | 1 Pluggedout Blog | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (5) day parameter. | |||||
| CVE-2005-4047 | 1 Iisworks | 1 Aspknowledgebase | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. | |||||
| CVE-2005-4046 | 1 Sun | 2 Java System Application Server, One Application Server | 2011-03-08 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Server 7 Standard Edition, as used in multiple web servers, allows remote attackers to conduct man-in-the-middle (MITM) attacks and "compromise data privacy." | |||||
| CVE-2005-4042 | 1 Mr. Cgi Guy | 1 Warm Links | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi. | |||||
| CVE-2005-4041 | 1 Mr. Cgi Guy | 2 Hot Links Pro, Hot Links Sql | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-4036 | 1 Web4future | 1 Keyword Frequency Counter | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." | |||||
| CVE-2005-4034 | 1 Web4future | 1 Edating Professional | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to (b) gift.php and (c) fq.php; and (5) cat parameter to (d) articles.php. | |||||
| CVE-2005-4033 | 1 Ali Bousahid | 1 Nodezilla | 2011-03-08 | 5.0 MEDIUM | N/A |
| Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-4032 | 1 Hotcgiscripts | 1 Easy Search System | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4031 | 1 Mediawiki | 1 Mediawiki | 2011-03-08 | 7.5 HIGH | N/A |
| Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. | |||||
| CVE-2005-4030 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2011-03-08 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. | |||||
| CVE-2005-4024 | 1 Interspire | 1 Fastfind | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2005-4018 | 1 Landshop | 1 Real Estate Commerce System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. | |||||
| CVE-2005-4016 | 1 Widget Press | 1 Widget Property | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | |||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | |||||
| CVE-2005-4004 | 1 Infinetsoftware | 1 Mytemplatesite | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4001 | 1 Phpyellow | 2 Phpyellowtm Lite, Phpyellowtm Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. | |||||
| CVE-2005-3993 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2011-03-08 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | |||||
| CVE-2005-3989 | 1 Avaya | 1 Tn2602ap Ip Media Resource 320 Circuit Pack | 2011-03-08 | 7.8 HIGH | N/A |
| Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | |||||
| CVE-2005-3988 | 1 Pineapple Technologies | 1 Lore | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3978 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php. | |||||
| CVE-2005-3977 | 1 Qualityebiz | 1 Qualityppc | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. | |||||
| CVE-2005-3972 | 1 Extreme Corporate | 1 Extreme Search | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-3970 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3967 | 1 Atlassian | 1 Confluence | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | |||||
| CVE-2005-3966 | 1 Java Search Engine | 1 Java Search Engine | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-3944 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. | |||||
| CVE-2005-3943 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. | |||||
| CVE-2005-3942 | 1 Greywyvern | 1 Orca Knowledgebase | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. | |||||
| CVE-2005-3941 | 1 Greywyvern | 1 Orca Blog | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
| CVE-2005-3940 | 1 Greywyvern | 1 Orca Ringmaker | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-3933 | 1 88script | 1 88script Event Calendar | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2005-3932 | 1 O-kiraku Nikki | 1 O-kiraku Nikki | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. | |||||
| CVE-2005-3925 | 1 Helpdesk Issue Manager | 1 Helpdesk Issue Manager | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | |||||
| CVE-2005-3924 | 1 Randshop | 1 Randshop | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. | |||||
| CVE-2005-3923 | 1 Netobjects | 1 Netobjects Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. | |||||
| CVE-2005-3951 | 1 Php Labs | 1 Survey Wizard | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2005-3917 | 1 Commodityrentals | 1 Commodityrentals | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2005-3916 | 1 Wsn Forum | 1 Wsn Forum | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. | |||||
| CVE-2005-3915 | 1 Clavister | 2 Clavister Firewall, Clavister Security Gateway | 2011-03-08 | 7.5 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3914 | 1 Affcommerce | 1 Affcommerce | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php. | |||||
| CVE-2005-3913 | 1 Vchs | 1 Vchs | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users. | |||||
| CVE-2005-3911 | 1 Bosdev | 1 Bosdates | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters. | |||||
| CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2011-03-08 | 7.8 HIGH | N/A |
| Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3886 | 1 Cisco | 1 Security Agent | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. | |||||
| CVE-2005-3882 | 1 Faqsystems | 1 Faqring Knowledge Base Software | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3880 | 1 Omnistar Interactive | 1 Omnistar Kbase | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. | |||||