Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3324 | 1 Appindex | 1 Mwchat | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-3330 | 1 Snoopy | 1 Snoopy | 2017-07-11 | 7.5 HIGH | N/A |
| The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function. | |||||
| CVE-2005-3331 | 1 Rogers Software Source | 1 Mgdiff Patch Viewer | 2017-07-11 | 2.1 LOW | N/A |
| viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-3333 | 1 Ebase | 1 Ebaseweb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-3334 | 1 Flyspray | 1 Flyspray | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. | |||||
| CVE-2005-3335 | 1 Mantis | 1 Mantis | 2017-07-11 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | |||||
| CVE-2005-3341 | 1 Dhis Tools | 1 Dns Package | 2017-07-11 | 2.1 LOW | N/A |
| DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | |||||
| CVE-2005-3343 | 1 Tkdiff | 1 Tkdiff | 2017-07-11 | 4.6 MEDIUM | N/A |
| tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-3344 | 1 Horde | 1 Horde | 2017-07-11 | 10.0 HIGH | N/A |
| The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | |||||
| CVE-2005-3345 | 1 Rssh | 1 Rssh | 2017-07-11 | 7.2 HIGH | N/A |
| rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. | |||||
| CVE-2005-3346 | 1 Osh | 1 Osh | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | |||||
| CVE-2005-3347 | 1 Phpgroupware | 1 Phpgroupware | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346. | |||||
| CVE-2005-3348 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 4.3 MEDIUM | N/A |
| HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egroupware before 1.0.0.009, allows remote attackers to spoof web content and poison web caches via CRLF sequences in the charset parameter. | |||||
| CVE-2005-3354 | 1 Sylpheed | 1 Sylpheed | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the ldif_get_line function in ldif.c of Sylpheed before 2.1.6 allows user-assisted attackers to execute arbitrary code by having local users import LDIF files with long lines. | |||||
| CVE-2005-3366 | 1 Php Icalendar | 1 Php Icalendar | 2017-07-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. | |||||
| CVE-2005-3368 | 1 Search Enhanced | 1 Search Enhanced | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-3369 | 1 Woltlab | 1 Burning Board | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. | |||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3407 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | |||||
| CVE-2005-3413 | 1 Eyeos Project | 1 Eyeos | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter. | |||||
| CVE-2005-3414 | 1 Eyeos Project | 1 Eyeos | 2017-07-11 | 7.5 HIGH | N/A |
| eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. | |||||
| CVE-2005-3415 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable. | |||||
| CVE-2005-3427 | 1 Cisco | 1 Ciscoworks Management Center For Ips Sensors | 2017-07-11 | 2.1 LOW | N/A |
| The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, wich can cause some signatures to be disabled and makes it easier for attackers to escape detection. | |||||
| CVE-2005-3429 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 4.3 MEDIUM | N/A |
| Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | |||||
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | |||||
| CVE-2005-3434 | 1 Archilles | 1 Newsworld | 2017-07-11 | 7.5 HIGH | N/A |
| Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges. | |||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2017-07-11 | 7.5 HIGH | N/A |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | |||||
| CVE-2005-3436 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox. | |||||
| CVE-2005-3469 | 1 News2net | 1 News2net | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
| CVE-2005-3470 | 1 Mailscanner | 1 Mailscanner | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2005-3475 | 1 Hasbani Web Server | 1 Hasbani Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests. | |||||
| CVE-2005-3514 | 1 Chipmunk Scripts | 1 Chipmunk Forum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php. | |||||
| CVE-2005-3515 | 1 Chipmunk Scripts | 1 Chipmunk Topsites | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2005-3516 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. | |||||
| CVE-2005-3517 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. | |||||
| CVE-2005-3518 | 1 Punbb | 1 Punbb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter. | |||||
| CVE-2005-3519 | 1 Mysource | 1 Mysource | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php. | |||||
| CVE-2005-3520 | 1 Mysource | 1 Mysource | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php. | |||||
| CVE-2005-3521 | 1 E107 | 1 E107 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page. | |||||
| CVE-2005-3522 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. | |||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | |||||
| CVE-2005-3530 | 1 Antville | 1 Antville | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. | |||||
| CVE-2005-3546 | 1 F-secure | 2 F-secure Anti-virus, Internet Gatekeeper | 2017-07-11 | 7.2 HIGH | N/A |
| suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before 2.15.484 and (2) Anti-Virus Linux Gateway before 2.16 are installed SUID with world-executable permissions, which allows local users to gain privilege. | |||||
| CVE-2005-3552 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook. | |||||
| CVE-2005-3553 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 R2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in conjunction with the login/userinfo.php path and (2) the session parameter (aka the PHPKITSID variable). | |||||
| CVE-2005-3554 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple eval injection vulnerabilities in the help function in PHPKIT 1.6.1 R2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary code on the server via unknown attack vectors involving uninitialized variables. | |||||
| CVE-2005-3560 | 1 Zonelabs | 4 Zonealarm, Zonealarm Anti-spyware, Zonealarm Antivirus and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. | |||||
| CVE-2005-3566 | 1 Symantec Veritas | 4 Cluster Server, Sanpoint Control Quickstart, Storage Foundation and 1 more | 2017-07-11 | 4.3 MEDIUM | N/A |
| Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew. | |||||