Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4415 | 1 Tml | 1 Tml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | |||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | |||||
| CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2008-09-05 | 5.0 MEDIUM | N/A |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | |||||
| CVE-2005-4174 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 7.5 HIGH | N/A |
| eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in eFiction itself or the result of incorrect system administration practices, e.g. by not removing utility scripts once they have been used. | |||||
| CVE-2005-4334 | 1 John Andersson | 1 Zixforum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp. | |||||
| CVE-2005-4256 | 1 Asp-dev | 1 Xm Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via the forum_title parameter. NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. In addition, its accuracy is in question because "forum_title" does not appear to be specified in the source code for XM Forum RC3. It is possible, but not certain, that this is CVE-2004-2211. | |||||
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4266 | 1 Alt-n | 2 Mdaemon, Worldclient | 2008-09-05 | 7.5 HIGH | N/A |
| WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a Session parameter that contains a randomly generated session ID that is associated with a username, which allows remote attackers to perform actions as other users by guessing or sniffing the random value. | |||||
| CVE-2005-4269 | 1 Microsoft | 3 Ie, Windows 2003 Server, Windows Xp | 2008-09-05 | 7.8 HIGH | N/A |
| mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE. | |||||
| CVE-2005-4397 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. | |||||
| CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | |||||
| CVE-2005-4275 | 1 Scientific Atlanta | 1 Dpx2100 Cable Modem | 2008-09-05 | 7.8 HIGH | N/A |
| Scientific Atlanta DPX2100 Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD), as demonstrated using hping2. NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4276 | 1 Westell | 1 Versalink | 2008-09-05 | 7.8 HIGH | N/A |
| Westell Versalink 327W allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LanD). NOTE: the provenance of this issue is unknown; the details are obtained solely from third party information. | |||||
| CVE-2005-4413 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1. | |||||
| CVE-2005-4337 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 7.5 HIGH | N/A |
| The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter. | |||||
| CVE-2005-4338 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 10.0 HIGH | N/A |
| announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin". | |||||
| CVE-2005-4339 | 1 Blackboard | 1 Academic Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page. | |||||
| CVE-2005-4412 | 1 Citrix | 1 Program Neighborhood Client | 2008-09-05 | 2.1 LOW | N/A |
| Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain the password by using a tool to directly access the field. | |||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | |||||
| CVE-2005-4404 | 1 Media2 Cms | 1 Media2 Cms Shop | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x allows remote attackers to execute arbitrary SQL commands via the item parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4422 | 1 Toenda Software Development | 1 Toendacms | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | |||||
| CVE-2005-4423 | 1 Phpfm | 1 Phpfm | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | |||||
| CVE-2005-3764 | 1 Exponent | 1 Exponent | 2008-09-05 | 10.0 HIGH | N/A |
| The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML. | |||||
| CVE-2005-3763 | 1 Exponent | 1 Exponent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability. | |||||
| CVE-2005-3761 | 1 Exponent | 1 Exponent | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form generator or (2) the parameters to the installer. | |||||
| CVE-2005-3731 | 1 Yassl | 1 Yassl | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." | |||||
| CVE-2005-3730 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. | |||||
| CVE-2005-3729 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. | |||||
| CVE-2005-3697 | 1 Uresk Links | 1 Uresk Links | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php. | |||||
| CVE-2005-3919 | 1 Pblang | 1 Pblang | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote attackers to inject arbitrary web script or HTML via multiple fields in (1) UCP.php and (2) SendPm.php. | |||||
| CVE-2005-3856 | 1 Krusader | 1 Krusader | 2008-09-05 | 4.0 MEDIUM | N/A |
| The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites. | |||||
| CVE-2005-3728 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | |||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2005-3854 | 1 Easypagecms | 1 Easypagecms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | |||||
| CVE-2005-3698 | 1 Php Easy Download | 1 Php Easy Download | 2008-09-05 | 7.5 HIGH | N/A |
| PHP Easy Download allows remote attackers to bypass authentication via edit.php. | |||||
| CVE-2005-3992 | 1 Wineggdropshell | 1 Wineggdropshell | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server. | |||||
| CVE-2005-4025 | 1 Help Desk Reloaded | 1 Free Help Desk | 2008-09-05 | 7.5 HIGH | N/A |
| Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user. | |||||
| CVE-2005-4002 | 1 Esi Products | 1 Webeoc | 2008-09-05 | 4.0 MEDIUM | N/A |
| WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. | |||||
| CVE-2005-3769 | 1 Php Download Manager | 1 Php Download Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2005-3753 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 7.8 HIGH | N/A |
| Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher processors. NOTE: it is not clear whether this issue can be triggered by an attacker. | |||||
| CVE-2005-3736 | 1 Coastal Data Management | 1 E-quick Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp. | |||||
| CVE-2005-3752 | 1 Ldapdiff | 1 Ldapdiff | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction". | |||||
| CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2008-09-05 | 7.8 HIGH | N/A |
| Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3687 | 1 Whm Autopilot | 1 Whm Autopilot | 2008-09-05 | 5.0 MEDIUM | N/A |
| cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | |||||
| CVE-2005-3751 | 1 Apsis | 1 Pound | 2008-09-05 | 4.3 MEDIUM | N/A |
| HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with conflicting Content-length and Transfer-encoding headers. | |||||
| CVE-2005-3743 | 1 Simplepoll | 1 Simplepoll | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter. | |||||
| CVE-2005-3765 | 1 Exponent | 1 Exponent | 2008-09-05 | 7.5 HIGH | N/A |
| Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-3987 | 1 Tradesoft | 1 Tradesoft Cms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote attackers to execute arbitrary SQL commands via unspecified attack vectors. | |||||
| CVE-2005-3766 | 1 Exponent | 1 Exponent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers to access the pages by browsing uploaded files. | |||||
