Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3974 | 1 Drupal | 1 Drupal | 2018-10-19 | 6.4 MEDIUM | N/A |
| Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission. | |||||
| CVE-2005-3755 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages. | |||||
| CVE-2005-3754 | 1 Google | 2 Mini Search Appliance, Search Appliance | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script or HTML, via the proxystylesheet variable, which will be executed in the resulting error message. | |||||
| CVE-2005-3973 | 1 Drupal | 1 Drupal | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allow remote attackers to inject arbitrary web script or HTML via various HTML tags and values, such as the (1) legend tag and the value parameter used in (2) label and (3) input tags, possibly due to an incomplete blacklist. | |||||
| CVE-2005-3964 | 1 Integrated Computer Solutions | 1 Openmotif | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allow attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c. | |||||
| CVE-2005-3961 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 5.0 MEDIUM | N/A |
| export_handler.php in WebCalendar 1.0.1 allows remote attackers to overwrite WebCalendar data files via a modified id parameter. | |||||
| CVE-2005-3960 | 1 Kadu | 1 Kadu | 2018-10-19 | 7.8 HIGH | N/A |
| Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. | |||||
| CVE-2005-3959 | 1 Freewebstat | 1 Freewebstat | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which are not sanitized before being included in the logdb.html file, and (5) the search key to stat.php. | |||||
| CVE-2005-3818 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, lead, and first or last name fields, (2) the record parameter in a DetailView action in the Leads module for index.php, (3) the $_SERVER['PHP_SELF'] variable, which is used in multiple locations such as index.php, and (4) aggregated RSS feeds in the RSS aggregation module. | |||||
| CVE-2005-3931 | 1 Asp-rider | 1 Asp-rider | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer. | |||||
| CVE-2005-3821 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name. | |||||
| CVE-2005-3820 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. | |||||
| CVE-2005-3819 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module. | |||||
| CVE-2005-3823 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 7.5 HIGH | N/A |
| The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function. | |||||
| CVE-2005-3949 | 1 Webcalendar | 1 Webcalendar | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4) multiple parameters to export_handler.php. | |||||
| CVE-2005-3822 | 1 Vtiger | 1 Vtiger Crm | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module. | |||||
| CVE-2005-3783 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.9 MEDIUM | N/A |
| The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to cause a denial of service (crash). | |||||
| CVE-2005-3665 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generation. | |||||
| CVE-2005-3734 | 1 Phpmyfaq | 1 Phpmyfaq | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3) usermail parameters. | |||||
| CVE-2005-3628 | 1 Xpdf | 1 Xpdf | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-3738 | 1 Mambo | 1 Mambo Site Server | 2018-10-19 | 2.6 LOW | N/A |
| globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfig_absolute_path parameter to content.html.php for remote PHP file inclusion. | |||||
| CVE-2005-3579 | 1 Walla Telesite | 1 Walla Telesite | 2018-10-19 | 5.0 MEDIUM | N/A |
| ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring. | |||||
| CVE-2005-3558 | 1 Oste | 1 Oste | 2018-10-19 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in index.php in OSTE 1.0 allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. | |||||
| CVE-2005-3589 | 1 Filezilla | 1 Filezilla Server Terminal | 2018-10-19 | 7.8 HIGH | N/A |
| Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command. | |||||
| CVE-2005-3549 | 1 Invision Power Services | 1 Invision Board | 2018-10-19 | 6.5 MEDIUM | N/A |
| Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in the "Task PHP File To Run" field and selecting "Run Task Now". | |||||
| CVE-2005-3556 | 1 Tincan | 1 Phplist | 2018-10-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) listname parameter in (a) admin/editlist.php, (2) title parameter in (b) admin/spageedit.php, (3) title field in (c) admin/template.php, (4) filter, (5) delete, and (6) start parameters in (d) admin/eventlog.php, (7) id parameter in (e) admin/configure.php, (8) find parameter in (f) admin/users.php, (9) start parameter in (g) admin/admin.php, and (10) action parameter in (h) admin/fckphplist.php. | |||||
| CVE-2005-3576 | 1 Walla Telesite | 1 Walla Telesite | 2018-10-19 | 5.0 MEDIUM | N/A |
| ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in the tsurl parameter. | |||||
| CVE-2005-3577 | 1 Walla Telesite | 1 Walla Telesite | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the sug parameter. | |||||
| CVE-2005-3557 | 1 Tincan | 1 Phplist | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/defaults.php in PHPlist 2.10.1 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) in the selected%5B%5D parameter in an HTTP POST request. | |||||
| CVE-2005-3578 | 1 Walla Telesite | 1 Walla Telesite | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to inject arbitrary SQL commands via the sug parameter. | |||||
| CVE-2005-3550 | 1 Toenda Software Development | 1 Toendacms | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in toendaCMS before 0.6.2 allows remote attackers to access arbitrary files via a .. (dot dot) in the id_user parameter. | |||||
| CVE-2005-3555 | 1 Tincan | 1 Phplist | 2018-10-19 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page. | |||||
| CVE-2005-3585 | 1 Phpwebthings | 1 Phpwebthings | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the forum parameter. | |||||
| CVE-2005-3551 | 1 Toenda Software Development | 1 Toendacms | 2018-10-19 | 5.0 MEDIUM | N/A |
| toendaCMS before 0.6.2 stores user account and session data in the web root directory, which allows remote attackers to obtain sensitive information via a direct request to the appropriate XML file. | |||||
| CVE-2005-3547 | 1 Invision Power Services | 1 Invision Board | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields. | |||||
| CVE-2005-3559 | 1 Digium | 1 Asterisk | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 through 1.2.0-beta1 allows remote attackers to access WAV files via a .. (dot dot) in the folder parameter. | |||||
| CVE-2005-3545 | 1 Ibproarcade | 1 Ibproarcade | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php of the report module in ibProArcade 2.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter. | |||||
| CVE-2005-3538 | 1 Ifax Solutions | 1 Hylafax | 2018-10-19 | 7.5 HIGH | N/A |
| hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. | |||||
| CVE-2005-3379 | 1 Trend Micro | 2 Officescan, Pc-cillin 2005 | 2018-10-19 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3539 | 1 Hylafax | 1 Hylafax | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3. | |||||
| CVE-2005-3363 | 1 Saphp | 1 Saphplesson | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php. | |||||
| CVE-2005-3527 | 1 Linux | 1 Linux Kernel | 2018-10-19 | 4.0 MEDIUM | N/A |
| Race condition in do_coredump in signal.c in Linux kernel 2.6 allows local users to cause a denial of service by triggering a core dump in one thread while another thread has a pending SIGSTOP. | |||||
| CVE-2005-3526 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2018-10-19 | 6.5 MEDIUM | N/A |
| Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command. | |||||
| CVE-2005-3525 | 1 Adobe | 1 Shockwave Player | 2018-10-19 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. | |||||
| CVE-2005-3523 | 1 Gpsdrive | 1 Gpsdrive | 2018-10-19 | 7.5 HIGH | N/A |
| Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field. | |||||
| CVE-2005-3508 | 1 Galerie | 1 Galerie | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter. | |||||
| CVE-2005-3505 | 1 Cpanel | 1 Cpanel | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing Javascript in style attributes in tags such as `<b>`, which are processed by Internet Explorer. | |||||
| CVE-2005-3503 | 1 Pwdutils | 1 Pwdutils | 2018-10-19 | 7.2 HIGH | N/A |
| chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges. | |||||
| CVE-2005-3492 | 1 Johannes F. Kuhlmann | 1 Flatfrag | 2018-10-19 | 5.0 MEDIUM | N/A |
| FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference. | |||||
| CVE-2005-3491 | 1 Johannes F. Kuhlmann | 1 Flatfrag | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields. | |||||
