Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4615 | 1 Dapperdesk | 1 Dapperdesk | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4616 | 1 Idevspot | 1 Isupport | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter. | |||||
| CVE-2005-4617 | 1 Forperfect | 1 Csupport | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. | |||||
| CVE-2005-4627 | 2 Gfhost, Gmailsite | 2 Gfhost, Gmailsite | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter. | |||||
| CVE-2005-4630 | 1 Clientexec | 1 Clientexec | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters. | |||||
| CVE-2005-4637 | 1 Kayako | 1 Supportsuite | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module. | |||||
| CVE-2005-4638 | 1 Kayako | 1 Supportsuite | 2017-07-20 | 5.0 MEDIUM | N/A |
| index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module. | |||||
| CVE-2005-4642 | 1 Hydrobb | 1 Hydrobb | 2017-07-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php. | |||||
| CVE-2005-4643 | 1 Antharia | 1 Oncontent Cms | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it is not clear, but this might be an application service provider, in which case it might be excluded from CVE. | |||||
| CVE-2005-4644 | 1 Edgewall Software | 1 Trac | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | |||||
| CVE-2005-4646 | 1 Pearlinger | 1 Pearl Forums | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4647 | 1 Pearlinger | 1 Pearl Forums | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4652 | 1 Phlymail | 1 Phlymail | 2017-07-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-4653 | 1 Al-caricatier | 1 Al-caricatier | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. | |||||
| CVE-2005-4656 | 1 Triggertg | 1 Tclanportal | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter. | |||||
| CVE-2005-4659 | 1 Ipcop | 1 Ipcop | 2017-07-20 | 2.1 LOW | N/A |
| IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. | |||||
| CVE-2005-4661 | 1 Campware.org | 1 Campsite | 2017-07-20 | 5.0 MEDIUM | N/A |
| The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password. | |||||
| CVE-2005-4662 | 1 Ocomon | 1 Ocomon | 2017-07-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664. | |||||
| CVE-2005-4664 | 1 Ocomon | 1 Ocomon | 2017-07-20 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662. | |||||
| CVE-2005-4666 | 1 Phlymail | 1 Phlymail | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. | |||||
| CVE-2005-4670 | 1 Citypost | 1 Php Lnkx | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | |||||
| CVE-2005-4671 | 1 Citypost | 1 Simple Php Upload | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-4672 | 1 Citypost | 1 Simple Image Editor | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter. | |||||
| CVE-2005-4674 | 1 Complete Php Counter | 1 Complete Php Counter | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. | |||||
| CVE-2005-4675 | 1 Complete Php Counter | 1 Complete Php Counter | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. | |||||
| CVE-2005-4676 | 1 Andreas Huggel | 1 Exiv2 | 2017-07-20 | 5.0 MEDIUM | N/A |
| Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata. | |||||
| CVE-2005-4677 | 1 Oscommerce | 1 Oscommerce | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in additional_images.php (aka the Additional Images module) before 1.14 in osCommerce allows remote attackers to execute arbitrary SQL commands via the products_id parameter to product_info.php. | |||||
| CVE-2005-4682 | 1 Audienceview | 1 Audienceview | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4683 | 1 Padl Software | 1 Migrationtools | 2017-07-20 | 2.1 LOW | N/A |
| PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh. | |||||
| CVE-2005-4684 | 1 Kde | 1 Konqueror | 2017-07-20 | 6.4 MEDIUM | N/A |
| Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | |||||
| CVE-2005-4685 | 1 Mozilla | 2 Firefox, Mozilla | 2017-07-20 | 6.4 MEDIUM | N/A |
| Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. | |||||
| CVE-2005-4694 | 1 Plain Black | 1 Webgui | 2017-07-20 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2005-4697 | 1 Microsoft | 1 Windows Xp | 2017-07-20 | 2.1 LOW | N/A |
| The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll. | |||||
| CVE-2005-4698 | 1 Tellme | 1 Tellme | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters. | |||||
| CVE-2005-4699 | 1 Tellme | 1 Tellme | 2017-07-20 | 6.4 MEDIUM | N/A |
| Argument injection vulnerability in TellMe 1.2 and earlier allows remote attackers to modify command line arguments for the Whois program and obtain sensitive information via "--" style options in the q_Host parameter. | |||||
| CVE-2005-4700 | 1 Tellme | 1 Tellme | 2017-07-20 | 5.0 MEDIUM | N/A |
| TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message. | |||||
| CVE-2005-4709 | 1 Jboss | 1 Enterprise Java Beans | 2017-07-20 | 5.0 MEDIUM | N/A |
| The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. | |||||
| CVE-2005-4710 | 1 Autodesk | 18 3ds Max, Architectural Desktop, Autocad and 15 more | 2017-07-20 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329. | |||||
| CVE-2005-4711 | 1 Neocrome | 1 Land Down Under | 2017-07-20 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4714 | 1 Openvmps | 1 Openvmps | 2017-07-20 | 7.5 HIGH | N/A |
| Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-4715 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests. | |||||
| CVE-2005-4721 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4722 | 1 The Media Shoppe Berhad | 1 Tmspublisher | 2017-07-20 | 5.0 MEDIUM | N/A |
| _Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message. | |||||
| CVE-2005-4723 | 1 D-link | 3 Di-524, Di-624, Di-784 | 2017-07-20 | 5.0 MEDIUM | N/A |
| D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 allow remote attackers to cause a denial of service (device reboot) via a series of crafted fragmented UDP packets, possibly involving a missing fragment. | |||||
| CVE-2005-4724 | 1 Phptagcool | 1 Phptagcool | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header. | |||||
| CVE-2005-4729 | 1 Vbzoom | 1 Vbzoom | 2017-07-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter. | |||||
| CVE-2005-4774 | 1 Xerver | 1 Xerver | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI. | |||||
| CVE-2005-4780 | 1 Fidra Software | 1 Lighthouse Cms | 2017-07-20 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query_string to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the PHP technology. [It] is an application server ... A technology like this cannot be susceptible to client-side cross-site-scripting-attacks on its own, but only applications created based on such a technology. This does not only apply to Lighthouse, but also to Perl, PHP or web applications based on Java Servlet technology." Since the original researcher is known to test demo pages and is sometimes inaccurate, it is likely that this issue will be REJECTED. | |||||
| CVE-2005-4785 | 1 Jl Webworks | 1 Quickblogger | 2017-07-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section. | |||||
| CVE-2005-4786 | 1 Hauri | 3 Hauri Livecall, Virobot, Vrazmain.dll | 2017-07-20 | 4.0 MEDIUM | N/A |
| Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename. | |||||