Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0744 | 1 Novell | 1 Ichain | 2017-07-11 | 10.0 HIGH | N/A |
| The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. | |||||
| CVE-2005-0746 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
| CVE-2005-0748 | 1 Webinsta | 1 Webinsta Mailing Manager | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0774 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | |||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | |||||
| CVE-2005-0777 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. | |||||
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | |||||
| CVE-2005-0781 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | |||||
| CVE-2005-0782 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. | |||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2005-0786 | 1 Simpgb | 1 Simpgb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | |||||
| CVE-2005-0787 | 1 Wine | 1 Wine | 2017-07-11 | 2.1 LOW | N/A |
| Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | |||||
| CVE-2005-0788 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | |||||
| CVE-2005-0789 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. | |||||
| CVE-2005-0790 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0791 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. | |||||
| CVE-2005-0792 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. | |||||
| CVE-2005-0794 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 6.4 MEDIUM | N/A |
| ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. | |||||
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2017-07-11 | 5.0 MEDIUM | N/A |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | |||||
| CVE-2005-0802 | 1 Asp Press | 1 Acs Blog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-0807 | 1 Oxid | 1 Cain And Abel | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2005-0817 | 1 Symantec | 4 Enterprise Firewall, Gateway Security 5300, Gateway Security 5400 and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | |||||
| CVE-2005-0818 | 1 Punbb | 1 Punbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. | |||||
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | |||||
| CVE-2005-0823 | 1 Thepoolclub | 2 Ipool, Isnooker | 2017-07-11 | 4.6 MEDIUM | N/A |
| ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. | |||||
| CVE-2005-0826 | 1 Ollydbg | 1 Ollydbg | 2017-07-11 | 5.0 MEDIUM | N/A |
| OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | |||||
| CVE-2005-0827 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. | |||||
| CVE-2005-0828 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php. | |||||
| CVE-2005-0837 | 1 Icecast | 1 Icecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | |||||
| CVE-2005-0838 | 1 Icecast | 1 Icecast | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. | |||||
| CVE-2005-0841 | 1 Phpmyfamily | 1 Phpmyfamily | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field. | |||||
| CVE-2005-0844 | 1 Nortel | 1 Contivity | 2017-07-11 | 4.6 MEDIUM | N/A |
| Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. | |||||
| CVE-2005-0848 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. | |||||
| CVE-2005-0854 | 1 Betaparticle | 1 Betaparticle Blog | 2017-07-11 | 7.5 HIGH | N/A |
| betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | |||||
| CVE-2005-0857 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. | |||||
| CVE-2005-0858 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | |||||
| CVE-2005-0861 | 1 Delegate | 1 Delegate | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." | |||||
| CVE-2005-0863 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. | |||||
| CVE-2005-0869 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0870 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. | |||||
| CVE-2005-0871 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. | |||||
| CVE-2005-0872 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. | |||||
| CVE-2005-0876 | 1 Dnsmasq | 1 Dnsmasq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. | |||||
| CVE-2005-0877 | 1 Dnsmasq | 1 Dnsmasq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. | |||||
| CVE-2005-0878 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). | |||||
| CVE-2005-0879 | 1 Vortex Portal | 1 Vortex Portal | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. | |||||
| CVE-2005-0880 | 1 Vortex Portal | 1 Vortex Portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. | |||||