Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2220 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem. | |||||
| CVE-2005-2221 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2016-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allow remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) dc_productslist_Clearance.asp, (3) PID parameter to ratings.asp, (4) dc_Productsview.asp, (5) start, (6) key_mp, (7) searchtype, or (8) psearch parameters to dc_forum_Postslist.asp. NOTE: the vendor has disputed this issue, saying that the error messages arise from invalid category and product numbers. Assuming that this is the case, the issue still satisfies the CVE definition of "exposure." | |||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2016-10-18 | 7.2 HIGH | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | |||||
| CVE-2005-2229 | 1 Blog Torrent | 1 Blog Torrent | 2016-10-18 | 7.5 HIGH | N/A |
| Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | |||||
| CVE-2005-2257 | 1 Phpslash | 1 Phpslash | 2016-10-18 | 10.0 HIGH | N/A |
| The saveProfile function in PhpSlash 0.8.0 allows remote attackers to modify arbitrary profiles and gain privileges by modifying the author_id parameter. | |||||
| CVE-2005-2278 | 1 Mailenable | 1 Mailenable Professional | 2016-10-18 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name. | |||||
| CVE-2005-2287 | 1 Softiacom | 1 Wmailserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a denial of service (application crash) via a large TCP packet with a leading space, possibly triggering a buffer overflow. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-2005-2009 | 1 Ublog | 1 Reload | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | |||||
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. | |||||
| CVE-2005-2011 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. | |||||
| CVE-2005-2012 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | |||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 5.0 MEDIUM | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.6 MEDIUM | N/A |
| The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | |||||
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | |||||
| CVE-2005-2033 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter. | |||||
| CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | |||||
| CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | |||||
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, or (4) iCat parameter to catEdit.asp. | |||||
| CVE-2005-2049 | 1 Duware | 1 Duclassmate | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | |||||
| CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2016-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | |||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | |||||
| CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||||
| CVE-2005-2063 | 1 Active Web Softwares | 1 Activebuyandsell | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp. | |||||
| CVE-2005-2064 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, or (10) Email parameter to register.asp. | |||||
| CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | |||||
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | |||||
| CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2005-2071 | 1 Sun | 1 Solaris | 2016-10-18 | 4.6 MEDIUM | N/A |
| traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). | |||||
| CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2016-10-18 | 5.0 MEDIUM | N/A |
| im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | |||||
| CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-2106 | 1 Drupal | 1 Drupal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | |||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
| CVE-2005-1850 | 1 Ekg | 1 Ekg | 2016-10-18 | 10.0 HIGH | N/A |
| Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | |||||
| CVE-2005-1851 | 1 Ekg | 1 Ekg | 2016-10-18 | 10.0 HIGH | N/A |
| A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | |||||
| CVE-2005-1870 | 1 Popper | 1 Popper | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. | |||||
| CVE-2005-1871 | 1 Drupal | 1 Drupal | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." | |||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | |||||
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2016-10-18 | 4.6 MEDIUM | N/A |
| Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | |||||
| CVE-2005-1891 | 1 Aol | 1 Instant Messenger | 2016-10-18 | 5.0 MEDIUM | N/A |
| The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | |||||
