Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2699 | 1 Phpkit | 1 Phpkit | 2016-10-18 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE. | |||||
| CVE-2005-2718 | 1 Mplayer | 1 Mplayer | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk. | |||||
| CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | |||||
| CVE-2005-2731 | 1 Astaro | 1 Security Linux | 2016-10-18 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl. | |||||
| CVE-2005-2732 | 1 Awstats | 1 Awstats | 2016-10-18 | 5.0 MEDIUM | N/A |
| AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | |||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | |||||
| CVE-2005-2538 | 1 Flatnuke | 1 Flatnuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | |||||
| CVE-2005-2542 | 1 Invision Power Services | 1 Invision Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | |||||
| CVE-2005-2543 | 1 Comdev | 1 Comdev Ecommerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter. | |||||
| CVE-2005-2546 | 1 Arab Portal | 1 Arab Portal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called. | |||||
| CVE-2005-2552 | 1 Hp | 1 Proliant Dl585 | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." | |||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2016-10-18 | 7.5 HIGH | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | |||||
| CVE-2005-2559 | 1 E107 | 1 E107 | 2016-10-18 | 7.5 HIGH | N/A |
| doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function. | |||||
| CVE-2005-2560 | 1 Ader Software | 1 Cfbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-2561 | 1 Myfaq | 1 Myfaq | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3. | |||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template. | |||||
| CVE-2005-2566 | 1 Openbb | 1 Openbb | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php. | |||||
| CVE-2005-2567 | 1 Syscp Team | 1 Syscp | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. | |||||
| CVE-2005-2568 | 1 Syscp Team | 1 Syscp | 2016-10-18 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. | |||||
| CVE-2005-2569 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php. | |||||
| CVE-2005-2570 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 5.0 MEDIUM | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message. | |||||
| CVE-2005-2571 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 6.4 MEDIUM | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php. | |||||
| CVE-2005-2576 | 1 Calogic | 1 Calogic | 2016-10-18 | 5.0 MEDIUM | N/A |
| CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. | |||||
| CVE-2005-2577 | 1 Wyse | 1 Winterm | 2016-10-18 | 5.0 MEDIUM | N/A |
| Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field. | |||||
| CVE-2005-2579 | 1 Nortel | 1 Contivity | 2016-10-18 | 7.2 HIGH | N/A |
| Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. | |||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | |||||
| CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | |||||
| CVE-2005-2582 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2016-10-18 | 3.6 LOW | N/A |
| Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. | |||||
| CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 7.5 HIGH | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | |||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 7.2 HIGH | N/A |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. | |||||
| CVE-2005-2585 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. | |||||
| CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 2.1 LOW | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2621 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-18 | 5.0 MEDIUM | N/A |
| index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. | |||||
| CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||||
| CVE-2005-2431 | 1 Gforge | 1 Gforge | 2016-10-18 | 5.0 MEDIUM | N/A |
| The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | |||||
| CVE-2005-2460 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | |||||
| CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | |||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 2.1 LOW | N/A |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 6.4 MEDIUM | N/A |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | |||||
| CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2016-10-18 | 7.5 HIGH | N/A |
| login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | |||||
| CVE-2005-2465 | 2 Pc-experience, Toppe | 2 Pc-experience, Toppe Cms | 2016-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. | |||||
| CVE-2005-2467 | 1 Mysql | 1 Eventum | 2016-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | |||||
| CVE-2005-2468 | 1 Mysql | 1 Eventum | 2016-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | |||||
| CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2016-10-18 | 5.0 MEDIUM | N/A |
| ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | |||||
| CVE-2005-2288 | 1 Phpcounter | 1 Phpcounter | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. | |||||
| CVE-2005-2289 | 1 Phpcounter | 1 Phpcounter | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message. | |||||
| CVE-2005-2290 | 1 Wps | 1 Web Portal System | 2016-10-18 | 10.0 HIGH | N/A |
| wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. | |||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2016-10-18 | 4.6 MEDIUM | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
| CVE-2005-2296 | 1 Yabb | 1 Yabb | 2016-10-18 | 5.0 MEDIUM | N/A |
| YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | |||||
| CVE-2005-2297 | 1 Sybase | 1 Easerver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | |||||