Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2775 | 1 Phpwebnotes | 1 Phpwebnotes | 2017-07-11 | 7.5 HIGH | N/A |
| php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter. | |||||
| CVE-2005-2776 | 1 Looking Glass | 1 Looking Glass | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass 20040427 allow remote attackers to inject arbitrary web script or HTML via the (1) version[fullname], (2) version[homepage], or (3) version[no] parameter to footer.php, or the (4) version[fullname], (5) version[no], (6) version[author], (7) version[email] parameter to header.php. | |||||
| CVE-2005-2777 | 1 Looking Glass | 1 Looking Glass | 2017-07-11 | 7.5 HIGH | N/A |
| Looking Glass 20040427 allows remote attackers to execute arbitrary commands via shell metacharacters in the DNS lookup query field. | |||||
| CVE-2005-2782 | 1 Autolinks | 1 Autolinks | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. | |||||
| CVE-2005-2783 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags. | |||||
| CVE-2005-2784 | 1 Cosmoshop | 1 Cosmoshop | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors. | |||||
| CVE-2005-2785 | 1 Cosmoshop | 1 Cosmoshop | 2017-07-11 | 2.1 LOW | N/A |
| cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2787 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-07-11 | 5.0 MEDIUM | N/A |
| comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter. | |||||
| CVE-2005-2788 | 1 Neocrome | 1 Land Down Under | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 and earlier allow remote attackers to execute arbitrary SQL commands via the c parameter to (1) events.php, (2) index.php, or (3) list.php. | |||||
| CVE-2005-2789 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2017-07-11 | 7.5 HIGH | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username. | |||||
| CVE-2005-2790 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2017-07-11 | 7.5 HIGH | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client. | |||||
| CVE-2005-2791 | 1 Bfcommand And Control Software | 2 Bfcc, Bfvcc | 2017-07-11 | 5.0 MEDIUM | N/A |
| BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command. | |||||
| CVE-2005-0382 | 1 Breed | 1 Breed | 2017-07-11 | 5.0 MEDIUM | N/A |
| Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference. | |||||
| CVE-2005-0383 | 1 Trend Micro | 1 Control Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. | |||||
| CVE-2005-0391 | 1 Daniel De Rauglaudre | 1 Geneweb | 2017-07-11 | 5.0 MEDIUM | N/A |
| geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files. | |||||
| CVE-2005-0412 | 1 Spidean | 1 Postwrap | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. | |||||
| CVE-2005-0414 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter. | |||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | |||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | |||||
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | |||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | |||||
| CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-0424 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. | |||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | |||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2017-07-11 | 5.0 MEDIUM | N/A |
| The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | |||||
| CVE-2005-0431 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2017-07-11 | 7.5 HIGH | N/A |
| Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | |||||
| CVE-2005-0433 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. | |||||
| CVE-2005-0434 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | |||||
| CVE-2005-0435 | 1 Awstats | 1 Awstats | 2017-07-11 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | |||||
| CVE-2005-0436 | 1 Awstats | 1 Awstats | 2017-07-11 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | |||||
| CVE-2005-0438 | 1 Awstats | 1 Awstats | 2017-07-11 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | |||||
| CVE-2005-0439 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | |||||
| CVE-2005-0441 | 1 Sybase | 1 Adaptive Server Enterprise | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement. | |||||
| CVE-2005-0442 | 1 Devellion | 1 Cubecart | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | |||||
| CVE-2005-0443 | 1 Devellion | 1 Cubecart | 2017-07-11 | 4.3 MEDIUM | N/A |
| index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. | |||||
| CVE-2005-0445 | 1 Open Webmail | 1 Open Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. | |||||
| CVE-2005-0467 | 1 Putty | 1 Putty | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
| CVE-2005-0471 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | |||||
| CVE-2005-0474 | 1 Webcalendar | 1 Webcalendar | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | |||||
| CVE-2005-0475 | 1 Php Arena | 1 Pafaq | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php. | |||||
| CVE-2005-0476 | 1 Hpm Guestbook.cgi | 1 Hpm Guestbook.cgi | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message. | |||||
| CVE-2005-0477 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url. | |||||
| CVE-2005-0478 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script. | |||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter. | |||||
| CVE-2005-0480 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file. | |||||
| CVE-2005-0481 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script. | |||||
| CVE-2005-0482 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | |||||
| CVE-2005-0483 | 1 Glftpd | 1 Glftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command. | |||||
| CVE-2005-0485 | 1 Phparena | 1 Panews | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comment.php for paNews 2.0b4 for PHP Arena allows remote attackers to inject arbitrary HTML and web script via the showpost parameter. | |||||