Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0300 | 1 Jsboard | 1 Jsboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. | |||||
| CVE-2005-0301 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. | |||||
| CVE-2005-0302 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. | |||||
| CVE-2005-0303 | 1 Comersus Open Technologies | 1 Comersus Backoffice Lite | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2005-0304 | 1 Divx | 1 Divx Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. | |||||
| CVE-2005-0305 | 1 Siteman | 1 Siteman | 2017-07-11 | 7.5 HIGH | N/A |
| CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. | |||||
| CVE-2005-0306 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message. | |||||
| CVE-2005-0307 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters. | |||||
| CVE-2005-0308 | 1 Ursoftware | 1 W32dasm | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. | |||||
| CVE-2005-0309 | 1 Exponent | 1 Exponent | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2005-0310 | 1 Exponent | 1 Exponent | 2017-07-11 | 5.0 MEDIUM | N/A |
| Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined. | |||||
| CVE-2005-0311 | 1 Ingate | 1 Ingate Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | |||||
| CVE-2005-0312 | 1 War Ftp Daemon | 1 War Ftp Daemon | 2017-07-11 | 2.1 LOW | N/A |
| WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability. | |||||
| CVE-2005-0313 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE. | |||||
| CVE-2005-0314 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields. | |||||
| CVE-2005-0315 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning. | |||||
| CVE-2005-0316 | 1 Webwasher | 1 Webwasher Classic | 2017-07-11 | 7.5 HIGH | N/A |
| WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-0317 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | |||||
| CVE-2005-0319 | 1 Alt-n | 1 Webadmin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | |||||
| CVE-2005-0320 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html. | |||||
| CVE-2005-0321 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 2.1 LOW | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path. | |||||
| CVE-2005-0322 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 7.2 HIGH | N/A |
| MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. | |||||
| CVE-2005-0323 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2005-0324 | 1 Captaris | 1 Infinite Mobile Delivery Webmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. | |||||
| CVE-2005-0325 | 1 Techland | 1 Xpand Rally | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations. | |||||
| CVE-2005-0326 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 5.0 MEDIUM | N/A |
| pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script. | |||||
| CVE-2005-0327 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php. | |||||
| CVE-2005-0328 | 2 Netgear, Zyxel | 3 Rt311, Rt314, Prestige | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address. | |||||
| CVE-2005-0329 | 1 Zipgenius | 1 Zipgenius | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes .. (dot dot) sequences. | |||||
| CVE-2005-0330 | 1 People Can Fly | 1 Painkiller | 2017-07-11 | 2.1 LOW | N/A |
| Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash. | |||||
| CVE-2005-0331 | 1 Rarlab | 1 Winrar | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ... (triple dot) in the filename of the ZIP file. | |||||
| CVE-2005-0332 | 1 Ventia | 1 Desknow Mail And Collaboration Server | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do. | |||||
| CVE-2005-0333 | 1 Lanchat Pro Revival | 1 Lanchat Pro Revival | 2017-07-11 | 5.0 MEDIUM | N/A |
| LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet. | |||||
| CVE-2005-0334 | 1 Linksys | 1 Psus4 Printserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value. | |||||
| CVE-2005-0335 | 1 Emotion | 1 Mediapartner Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2005-0336 | 1 Emotion | 1 Mediapartner Web Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML. | |||||
| CVE-2005-0338 | 1 Savant | 1 Savant Webserver | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2005-0339 | 1 Foxmail | 1 Foxmail Email Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command. | |||||
| CVE-2005-0340 | 1 Apple | 1 Afp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet. | |||||
| CVE-2005-0341 | 1 Apple | 1 Safari | 2017-07-11 | 4.3 MEDIUM | N/A |
| Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. | |||||
| CVE-2005-0342 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. | |||||
| CVE-2005-0343 | 1 Logicnow | 1 Perldesk | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter. | |||||
| CVE-2005-0344 | 1 Software602 | 1 602lan Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2005-0345 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 5.0 MEDIUM | N/A |
| viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. | |||||
| CVE-2005-0346 | 1 Safenet | 1 Softremote Vpn Client | 2017-07-11 | 2.1 LOW | N/A |
| SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process. | |||||
| CVE-2005-0347 | 1 Realnetworks | 1 Realarcade | 2017-07-11 | 5.1 MEDIUM | N/A |
| Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow. | |||||
| CVE-2005-0348 | 1 Realnetworks | 1 Realarcade | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag. | |||||
| CVE-2005-0352 | 1 Woodstone | 1 Servers Alive | 2017-07-11 | 7.2 HIGH | N/A |
| Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. | |||||
| CVE-2005-0353 | 1 Safenet | 1 Sentinel License Manager | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093. | |||||
| CVE-2005-0357 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2017-07-11 | 7.5 HIGH | N/A |
| EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. | |||||