Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1053 | 1 Moderngigabyte | 1 Modernbill | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. | |||||
| CVE-2005-1054 | 1 Moderngigabyte | 1 Modernbill | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2017-07-11 | 7.5 HIGH | N/A |
| TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | |||||
| CVE-2005-1056 | 1 Hp | 1 Openview Network Node Manager | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. | |||||
| CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2017-07-11 | 2.1 LOW | N/A |
| Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | |||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | |||||
| CVE-2005-1068 | 1 Scssboard | 1 Scssboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags. | |||||
| CVE-2005-1069 | 1 Scssboard | 1 Scssboard | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." | |||||
| CVE-2005-1070 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. | |||||
| CVE-2005-1073 | 1 Radscripts | 1 Radbids | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. | |||||
| CVE-2005-1074 | 1 Radscripts | 1 Radbids | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter. | |||||
| CVE-2005-1075 | 1 Radscripts | 1 Radbids | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php. | |||||
| CVE-2005-1081 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1086 | 1 An | 1 An-httpd | 2017-07-11 | 6.4 MEDIUM | N/A |
| Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header. | |||||
| CVE-2005-1087 | 1 An | 1 An-httpd | 2017-07-11 | 6.4 MEDIUM | N/A |
| CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request. | |||||
| CVE-2005-1088 | 1 Dameware Development | 2 Mini Remote Control, Nt Utilities | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights. | |||||
| CVE-2005-1090 | 1 Maxthon | 1 Maxthon | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files. | |||||
| CVE-2005-1093 | 1 Popup Plus Plugin | 1 Popup Plus Plugin For Miranda Im | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1094 | 1 Network-client.com | 1 Ftp Now | 2017-07-11 | 4.6 MEDIUM | N/A |
| FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges. | |||||
| CVE-2005-1095 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-1096 | 1 Ocean12 Technologies | 1 Membership Manager Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter. | |||||
| CVE-2005-1098 | 1 Runtime Software | 1 Getdataback For Ntfs | 2017-07-11 | 2.1 LOW | N/A |
| GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-1099 | 1 Salim Gasmi | 1 Gld | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1100 | 1 Salim Gasmi | 1 Gld | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog. | |||||
| CVE-2005-1101 | 1 Ibm | 1 Lotus Domino Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields. | |||||
| CVE-2005-1108 | 1 Junkbuster | 1 Internet Junkbuster | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. | |||||
| CVE-2005-1109 | 1 Junkbuster | 1 Internet Junkbuster | 2017-07-11 | 7.5 HIGH | N/A |
| The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. | |||||
| CVE-2005-1110 | 1 Sumus | 1 Sumus | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. | |||||
| CVE-2005-1112 | 1 Ibm | 1 Websphere Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine. | |||||
| CVE-2005-1113 | 1 Phpbb Group | 1 Phpbb Plus | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php. | |||||
| CVE-2005-1114 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters. | |||||
| CVE-2005-1118 | 1 Rsa | 1 Authentication Agent For Web | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the RSA Authentication Agent for Web 5.2 allows remote attackers to inject arbitrary web script or HTML via the postdata parameter. | |||||
| CVE-2005-1120 | 1 Ilohamail | 1 Ilohamail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type. | |||||
| CVE-2005-1121 | 2 Gentoo, Igor Khasilev | 2 Linux, Oops Proxy Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. | |||||
| CVE-2005-1126 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 and 5.x through 5.4 does not properly clear a buffer before using it, which allows local users to obtain portions of sensitive kernel memory. | |||||
| CVE-2005-1127 | 1 Postgrey | 1 Postgrey | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey. | |||||
| CVE-2005-1129 | 1 Egroupware | 1 Egroupware | 2017-07-11 | 2.1 LOW | N/A |
| eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient. | |||||
| CVE-2005-1130 | 1 Desert Dog Software | 1 Pinnacle Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart allows remote attackers to inject arbitrary web script or HTML via the pg parameter. | |||||
| CVE-2005-1132 | 1 Lg Electronics | 1 Lg Mobile Phone | 2017-07-11 | 5.0 MEDIUM | N/A |
| LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file. | |||||
| CVE-2005-1134 | 1 S9y | 1 Serendipity | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in exit.php for Serendipity 0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) url_id or (2) entry_id parameters. | |||||
| CVE-2005-1146 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145. | |||||
| CVE-2005-1147 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar.pl in CalendarScript 3.20 allows remote attackers to obtain sensitive information via invalid (1) calendar or (2) template parameters, which leaks the full pathname and debug information. | |||||
| CVE-2005-1148 | 1 Calendarscript | 1 Calendarscript | 2017-07-11 | 5.0 MEDIUM | N/A |
| calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. | |||||
| CVE-2005-1161 | 1 Oneworldstore | 1 Oneworldstore | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp. | |||||
| CVE-2005-1162 | 1 Oneworldstore | 1 Oneworldstore | 2017-07-11 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp. | |||||
| CVE-2005-1164 | 1 Yager Development | 1 Yager Game | 2017-07-11 | 5.0 MEDIUM | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length. | |||||
| CVE-2005-1165 | 1 Yager Development | 1 Yager Game | 2017-07-11 | 5.0 MEDIUM | N/A |
| Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data. | |||||
| CVE-2005-1171 | 1 Datenbank Module | 1 Datenbank Module | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1176 | 1 Ibm | 1 Aix | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information. | |||||
| CVE-2005-1177 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | |||||