Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2440 | 1 Thomson Netg | 1 Web Skill Vantage Manager | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter. | |||||
| CVE-2005-2442 | 1 Spi Dynamics | 1 Webinspect | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another. | |||||
| CVE-2005-2443 | 1 Kshout | 1 Kshout | 2017-07-11 | 5.0 MEDIUM | N/A |
| Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords. | |||||
| CVE-2005-2444 | 1 Cerulean Studios | 1 Trillian Pro | 2017-07-11 | 2.1 LOW | N/A |
| Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2445 | 1 Early Impact | 1 Product Cart | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter. | |||||
| CVE-2005-2449 | 1 Sandbox | 1 Sandbox | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp. | |||||
| CVE-2005-2450 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message. | |||||
| CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2017-07-11 | 5.0 MEDIUM | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
| CVE-2005-2466 | 1 Openbook | 1 Openbook | 2017-07-11 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2005-2469 | 1 Novell | 1 Netmail | 2017-07-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. | |||||
| CVE-2005-2470 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2472 | 1 Netcplus | 1 Businessmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands. | |||||
| CVE-2005-2473 | 1 Churchinfo | 1 Churchinfo | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php. | |||||
| CVE-2005-2474 | 1 Churchinfo | 1 Churchinfo | 2017-07-11 | 5.0 MEDIUM | N/A |
| ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message. | |||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2005-2477 | 1 Naxtor | 1 Shopping Cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability. | |||||
| CVE-2005-2478 | 1 Silver-scripts | 1 Silvernews | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. | |||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | |||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2017-07-11 | 5.0 MEDIUM | N/A |
| The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | |||||
| CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2017-07-11 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script. | |||||
| CVE-2005-2484 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code. | |||||
| CVE-2005-2485 | 1 Logicampus | 1 Logicampus | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2487 | 1 Mcdata | 4 Intrepid 6064 Director Switch, Intrepid 6140 Director Switch, Sphereon 4300 Fabric Switch and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm. | |||||
| CVE-2005-2488 | 1 Web Content Management | 1 Web Content Management News System | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php. | |||||
| CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2017-07-11 | 7.5 HIGH | N/A |
| Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. | |||||
| CVE-2005-2500 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol. | |||||
| CVE-2005-2527 | 1 Sun | 1 Java | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | |||||
| CVE-2005-2529 | 1 Sun | 1 Java | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | |||||
| CVE-2005-2530 | 1 Sun | 1 Java | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | |||||
| CVE-2005-2536 | 1 Pstotext | 1 Pstotext | 2017-07-11 | 7.5 HIGH | N/A |
| pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file. | |||||
| CVE-2005-2539 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | |||||
| CVE-2005-2540 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request. | |||||
| CVE-2005-2544 | 1 Comdev | 1 Comdev Ecommerce | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. | |||||
| CVE-2005-2545 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. | |||||
| CVE-2005-2554 | 1 Network Associates | 1 Epolicy Orchestrator Agent | 2017-07-11 | 2.1 LOW | N/A |
| The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field. | |||||
| CVE-2005-2564 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file. | |||||
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. | |||||
| CVE-2005-2587 | 1 Phptb | 1 Topic Boards | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2005-2590 | 1 Parlano | 1 Mindalign | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2591 | 1 Parlano | 1 Mindalign | 2017-07-11 | 5.0 MEDIUM | N/A |
| Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. | |||||
| CVE-2005-2592 | 1 Parlano | 1 Mindalign | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2017-07-11 | 10.0 HIGH | N/A |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. | |||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2017-07-11 | 7.2 HIGH | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | |||||
| CVE-2005-2599 | 1 Hummingbird | 1 Connectivity | 2017-07-11 | 7.5 HIGH | N/A |
| Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges. | |||||
| CVE-2005-2611 | 1 Symantec Veritas | 3 Backup Exec, Backup Exec Remote Agent, Netbackup | 2017-07-11 | 10.0 HIGH | N/A |
| VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server. | |||||
| CVE-2005-2613 | 1 Cpaint | 1 Cpaint | 2017-07-11 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. | |||||
| CVE-2005-2620 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | |||||