Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1508 | 1 Pwsphp | 1 Pwsphp | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module. | |||||
| CVE-2005-1509 | 1 Pwsphp | 1 Pwsphp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1511 | 1 Pwsphp | 1 Pwsphp | 2017-07-11 | 7.5 HIGH | N/A |
| PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. | |||||
| CVE-2005-1512 | 1 Pwsphp | 1 Pwsphp | 2017-07-11 | 7.5 HIGH | N/A |
| The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files. | |||||
| CVE-2005-1516 | 1 Netwin | 1 Dmail | 2017-07-11 | 7.5 HIGH | N/A |
| DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shutdown the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function. | |||||
| CVE-2005-1524 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHP file inclusion vulnerability in top_graph_header.php in Cacti 0.8.6d and possibly earlier versions allows remote attackers to execute arbitrary PHP code via the config[library_path] parameter. | |||||
| CVE-2005-1525 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in config_settings.php for Cacti before 0.8.6e allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1526 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in config_settings.php in Cacti before 0.8.6e allows remote attackers to execute arbitrary PHP code via the config[include_path] parameter. | |||||
| CVE-2005-1528 | 1 Qnx | 1 Rtos | 2017-07-11 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library. | |||||
| CVE-2005-1530 | 1 Sophos | 5 Sophos Anti-virus, Sophos Mailmonitor, Sophos Mailmonitor For Notes Domino and 2 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value. | |||||
| CVE-2005-1543 | 1 Novell | 5 Zenworks, Zenworks Desktops, Zenworks Remote Management and 2 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in Remote Management authentication (zenrem32.exe) on Novell ZENworks 6.5 Desktop and Server Management, ZENworks for Desktops 4.x, ZENworks for Servers 3.x, and Remote Management allow remote attackers to execute arbitrary code via (1) unspecified vectors, (2) type 1 authentication requests, and (3) type 2 authentication requests. | |||||
| CVE-2005-1544 | 1 Libtiff | 1 Libtiff | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag. | |||||
| CVE-2005-1551 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-11 | 5.1 MEDIUM | N/A |
| Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot. | |||||
| CVE-2005-1552 | 1 Geovision | 1 Digital Surveillance System | 2017-07-11 | 5.0 MEDIUM | N/A |
| GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image. | |||||
| CVE-2005-1553 | 1 Geovision | 1 Digital Surveillance System | 2017-07-11 | 7.5 HIGH | N/A |
| GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing. | |||||
| CVE-2005-1554 | 1 Wowbb | 1 Wowbb Web Forum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter. | |||||
| CVE-2005-1555 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. | |||||
| CVE-2005-1556 | 1 Gamespy | 1 Gamespy Sdk Cd-key Validation Toolkit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session. | |||||
| CVE-2005-1557 | 1 Pixysoft | 1 Guestbook Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message. | |||||
| CVE-2005-1558 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 7.5 HIGH | N/A |
| The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie. | |||||
| CVE-2005-1559 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 10.0 HIGH | N/A |
| The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi. | |||||
| CVE-2005-1560 | 1 Neteyes | 1 Nexusway | 2017-07-11 | 10.0 HIGH | N/A |
| The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute. | |||||
| CVE-2005-1561 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter. | |||||
| CVE-2005-1562 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp. | |||||
| CVE-2005-1564 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product. | |||||
| CVE-2005-1596 | 1 Fusion | 1 Sbx | 2017-07-11 | 10.0 HIGH | N/A |
| index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter. | |||||
| CVE-2005-1597 | 1 Invision Power Services | 2 Invision Board, Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. | |||||
| CVE-2005-1599 | 1 Kryloff Technologies | 1 Subject Search Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field. | |||||
| CVE-2005-1600 | 1 Libtomcrypt | 1 Libtomcrypt | 2017-07-11 | 7.5 HIGH | N/A |
| A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key. | |||||
| CVE-2005-1601 | 1 Mro Software | 1 Maximo Self Service | 2017-07-11 | 5.0 MEDIUM | N/A |
| MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a direct request for the file, such as MXServer.properties. | |||||
| CVE-2005-1602 | 1 Net56 | 1 File Manager | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. | |||||
| CVE-2005-1605 | 1 Positive Software | 1 Sitestudio | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere. | |||||
| CVE-2005-1606 | 1 Positive Software | 1 H-sphere Winbox | 2017-07-11 | 4.6 MEDIUM | N/A |
| H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. | |||||
| CVE-2005-1608 | 1 Spidean | 2 At-lite, Autotheme | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the Blocks module in Spidean AutoTheme 1.7 and AT-Lite for PostNuke have unknown impact. | |||||
| CVE-2005-1609 | 1 Sun | 1 Storedge 6130 Arrays | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial numbers between 0451AWF00G and 0513AWF00J allows local users and remote attackers to delete data. | |||||
| CVE-2005-1610 | 1 Tru-zone | 1 Nukeet | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter. | |||||
| CVE-2005-1611 | 1 Web Crossing Inc | 1 Web Crossing | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script. | |||||
| CVE-2005-1627 | 1 Viewglob | 1 Viewglob | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact. | |||||
| CVE-2005-1631 | 1 Booby | 1 Booby | 2017-07-11 | 5.0 MEDIUM | N/A |
| booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. | |||||
| CVE-2005-1643 | 1 Jorg Ruppel | 1 Zoidcom | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and earlier allows remote attackers to cause a denial of service via a crafted UDP packet with a large size value, which causes a memory allocation error or an out-of-bounds read. | |||||
| CVE-2005-1644 | 1 1two | 1 Livre D Or | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters. | |||||
| CVE-2005-1645 | 1 Keyvan1 | 1 Imagegallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1660 | 1 Htmljunction | 1 Ezguestbook | 2017-07-11 | 7.5 HIGH | N/A |
| HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password. | |||||
| CVE-2005-1662 | 1 Jeuce | 1 Jeuce Personal Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2005-1663 | 1 Jeuce | 1 Jeuce Personal Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://". | |||||
| CVE-2004-1399 | 1 Opentools | 1 Attachment Mod | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. | |||||
| CVE-2004-1400 | 1 Active Server Corner | 1 Asp Calendar | 2017-07-11 | 7.5 HIGH | N/A |
| The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp. | |||||
| CVE-2004-1401 | 1 Asp-rider | 1 Asp-rider | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter. | |||||
| CVE-2004-1402 | 1 Iwebnegar | 1 Iwebnegar | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page. | |||||
| CVE-2004-1403 | 1 Sir | 1 Gnuboard | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code. | |||||
