Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | |||||
| CVE-2005-4628 | 1 Help Desk Point Software | 1 Helpdeskpoint | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | |||||
| CVE-2005-4406 | 1 Tmc Visionpool | 1 Mercury Cms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4475 | 1 Alkacon | 1 Opencms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4632 | 1 Vote Pro | 1 Vote Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2005-4373 | 1 Liquid Bytes Technologies | 1 Adaptive Website Framework | 2008-09-20 | 5.0 MEDIUM | N/A |
| Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. | |||||
| CVE-2005-4408 | 1 Pc Media | 1 Miraserver | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter to article.php. | |||||
| CVE-2005-4409 | 1 Mmbase | 1 Mmbase | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4410 | 1 Nqcontent | 1 Nqcontent | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. | |||||
| CVE-2005-4398 | 1 Mindroute Software | 1 Lemoon | 2008-09-20 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: the vendor has disputed this issue. Cross-site scripting (XSS) vulnerability in lemoon 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the q parameter. NOTE: the vendor has disputed this issue, saying "Sites are built on top of ASP.NET and you use lemoon core objects to easily manage and render content. The XSS vuln. you are referring to exists in one of our public sites built on lemoon i.e. a custom made site (as all sites are). The problem exists in a UserControl that handles form input and is in no way related to the lemoon core product." | |||||
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2005-4429 | 1 Cs-cart | 1 Cs-cart | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) sort_by and (2) sort_order parameters to index.php. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2008-09-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | |||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. | |||||
| CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | |||||
| CVE-2005-4486 | 1 Quantum Art | 1 Qp7 Enterprise | 2008-09-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp. | |||||
| CVE-2005-4400 | 1 Liferay | 1 Liferay Portal Enterprise | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in downloads/portal_ent in Liferay Portal Enterprise 3.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) _77_struts_action, (2) p_p_mode, and (3) p_p_state parameters. | |||||
| CVE-2005-4399 | 1 Libertas Solutions | 1 Libertas Enterprise Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search/index.php in Libertas Enterprise CMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page_search parameter. | |||||
| CVE-2005-4431 | 1 Wowbb | 1 Wowbb | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WowBB 1.65 allows remote attackers to execute arbitrary SQL commands via the q parameter to search.php. NOTE: the view_user.php/sort_by vector is already covered by CVE-2005-1554 and CVE-2004-2181. | |||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | |||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | |||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | |||||
| CVE-2005-4289 | 1 Edatcat | 1 Edatcat Shopping Cart System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter. | |||||
| CVE-2005-4308 | 1 Scriptscenter | 1 Ezupload Pro | 2008-09-20 | 7.5 HIGH | N/A |
| index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. | |||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 5.0 MEDIUM | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | |||||
| CVE-2005-4303 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | |||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | |||||
| CVE-2005-4335 | 1 Courseforum | 1 Projectforum | 2008-09-20 | 7.8 HIGH | N/A |
| ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. | |||||
| CVE-2005-4233 | 1 Php Web Scripts | 1 Ad Manager Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | |||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | |||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2008-09-20 | 5.0 MEDIUM | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
| CVE-2005-4027 | 1 Simplemedia | 1 Simplebbs | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | |||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||||
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | |||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | |||||
| CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. | |||||
| CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2008-4042 | | | 2008-09-17 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candidate is a duplicate of CVE-2008-3889. Notes: All CVE users should reference CVE-2008-3889 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2008-09-17 | 1.9 LOW | N/A |
| Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | |||||
| CVE-2008-3791 | 1 Lxde | 1 Lightweight X11 Desktop Environment | 2008-09-17 | 4.6 MEDIUM | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. | |||||
| CVE-2008-4079 | 1 Six Apart | 1 Movable Type | 2008-09-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4055 | 1 Texmedia | 1 Million Pixel Script | 2008-09-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
