Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1299 | 1 Inserter.cgi | 1 Inserter.cgi | 2016-10-18 | 10.0 HIGH | N/A |
| The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2005-1300 | 1 Inserter.cgi | 1 Inserter.cgi | 2016-10-18 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | |||||
| CVE-2005-1301 | 1 Nprotect | 1 Netizen | 2016-10-18 | 2.6 LOW | N/A |
| nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. | |||||
| CVE-2005-1302 | 1 Swsoft | 1 Confixx | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. | |||||
| CVE-2005-1303 | 1 Citat.pl | 1 Citat.pl | 2016-10-18 | 7.5 HIGH | N/A |
| The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2005-1304 | 1 Citat.pl | 1 Citat.pl | 2016-10-18 | 7.5 HIGH | N/A |
| The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. | |||||
| CVE-2005-1305 | 1 Hyper.cgi | 1 Hyper.cgi | 2016-10-18 | 5.0 MEDIUM | N/A |
| The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | |||||
| CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2016-10-18 | 5.0 MEDIUM | N/A |
| set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | |||||
| CVE-2005-1348 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. | |||||
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2016-10-18 | 4.6 MEDIUM | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | |||||
| CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | |||||
| CVE-2005-1077 | 1 Xampp | 1 Apache Distribution | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. | |||||
| CVE-2005-1078 | 1 Xampp | 1 Apache Distribution | 2016-10-18 | 7.5 HIGH | N/A |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. | |||||
| CVE-2005-1079 | 1 Mike De Boer | 1 Zoom Media Gallery | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2005-1102 | 1 Wordpress | 1 Wordpress | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. | |||||
| CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2016-10-18 | 4.6 MEDIUM | N/A |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | |||||
| CVE-2005-1104 | 1 Centra | 1 Centra | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. | |||||
| CVE-2005-1105 | 1 Sun | 1 Javamail | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. | |||||
| CVE-2005-1106 | 1 Apple | 1 Quicktime Pictureviewer | 2016-10-18 | 5.0 MEDIUM | N/A |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. | |||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2016-10-18 | 5.0 MEDIUM | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | |||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-1136 | 1 Sphpblog | 1 Sphpblog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | |||||
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-1141 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-18 | 7.5 HIGH | N/A |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-18 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values. | |||||
| CVE-2005-1166 | 1 Dameware Development | 2 Dameware Nt Utilities, Miniremote Control | 2016-10-18 | 2.1 LOW | N/A |
| The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier store the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | |||||
| CVE-2005-1167 | 1 Musicmatch | 1 Jukebox | 2016-10-18 | 2.1 LOW | N/A |
| Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-1168 | 1 Musicmatch | 1 Jukebox | 2016-10-18 | 5.0 MEDIUM | N/A |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. | |||||
| CVE-2005-1169 | 1 Mafia | 1 Mafia Blog | 2016-10-18 | 7.5 HIGH | N/A |
| Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php. | |||||
| CVE-2005-1170 | 1 Datenbank Module | 1 Datenbank Module | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1172 | 1 Coppermine | 1 Coppermine Photo Gallery | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter. | |||||
| CVE-2005-1173 | 1 Pmsoftware | 1 Simple Web Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2005-0955 | 1 Interakt | 1 Mx Shop | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter. | |||||
| CVE-2005-0956 | 1 Interakt | 1 Mx Kart | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter. | |||||
| CVE-2005-0980 | 1 Alstrasoft | 1 Epay | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0981 | 1 Alstrasoft | 1 Epay | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter. | |||||
| CVE-2005-0982 | 1 Yet Another Forum.net | 1 Yet Another Forum.net | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field. | |||||
| CVE-2005-0983 | 4 Activision, Id Software, Lucasarts and 1 more | 10 Call Of Duty, Call Of Duty United Offensive, Return To Castle Wolfenstein and 7 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data. | |||||
| CVE-2005-0984 | 1 Lucasarts | 1 Star Wars Jedi Knight Jedi Academy | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell. | |||||
| CVE-2005-0993 | 1 Sco | 1 Openserver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-0996 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function. | |||||
| CVE-2005-0997 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function. | |||||
| CVE-2005-0998 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server. | |||||
| CVE-2005-0999 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter. | |||||
| CVE-2005-1002 | 1 Logics Software | 1 Log-ft | 2016-10-18 | 5.0 MEDIUM | N/A |
| logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters. | |||||
| CVE-2005-1018 | 1 Ca | 1 Brightstor Arcserve Backup | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field. | |||||
