Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1651 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter. | |||||
| CVE-2005-1659 | 1 Myserver | 1 Myserver | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. | |||||
| CVE-2005-1661 | 1 Jeuce | 1 Jeuce Personal Web Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow. | |||||
| CVE-2005-1711 | 3 Clam Anti-virus, Gibraltar, Squid | 3 Clamav, Gibraltar Firewall, Squid | 2008-09-05 | 7.5 HIGH | N/A |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | |||||
| CVE-2005-1415 | 1 Globalscape | 1 Secure Ftp Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command. | |||||
| CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | |||||
| CVE-2005-1706 | 1 Mailscanner | 1 Mailscanner | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in MailScanner 4.41.3 and earlier, related to "incomplete reporting of viruses in zip files," allows remote attackers to bypass virus detection. | |||||
| CVE-2005-1716 | 1 Ej3 | 1 Topo | 2008-09-05 | 5.0 MEDIUM | N/A |
| TOPo 2.2 (2.2.178) stores data files in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as client IP addresses. | |||||
| CVE-2005-1715 | 1 Ej3 | 1 Topo | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section. | |||||
| CVE-2005-1713 | 1 S9y | 1 Serendipity | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) templatedropdown and (2) shoutbox plugins. | |||||
| CVE-2005-1691 | 1 Sap | 1 Sap R 3 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. | |||||
| CVE-2005-1676 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list. | |||||
| CVE-2005-1675 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 4.6 MEDIUM | N/A |
| Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 installs the client installation directories with insecure EVERYBODY permissions, which allows local users to gain sensitive information. | |||||
| CVE-2005-1674 | 1 Ubertec | 1 Help Center Live | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | |||||
| CVE-2005-1673 | 1 Ubertec | 1 Help Center Live | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chat_download.php, (5) status parameter to icon.php, TICKET_tid parameter to (6) index.php or (7) view.php. | |||||
| CVE-2005-1672 | 1 Ubertec | 1 Help Center Live | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Help Center Live allow remote attackers to inject arbitrary web script or HTML via the (1) find parameter to index.php, (2) name or (3) message field of a chat request, or (4) the message body when opening a trouble ticket. | |||||
| CVE-2005-1668 | 1 Yusasp | 1 Web Asset Manager | 2008-09-05 | 7.5 HIGH | N/A |
| YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp. | |||||
| CVE-2005-1658 | 1 Myserver | 1 Myserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot). | |||||
| CVE-2005-1657 | 1 Mercur | 1 Mercur Messaging | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml. | |||||
| CVE-2005-1656 | 1 Mercur | 1 Mercur Messaging | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mercur Messaging 2005 SP2 allows remote attackers to read the source code of .ctml files via a URL with a trailing hex-encoded space ("%20"). | |||||
| CVE-2005-1655 | 1 Aol | 1 Instant Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| AOL Instant Messenger 5.5.x and earlier allows remote attackers to cause a denial of service (client crash) via an invalid smiley icon location in the sml parameter of a font tag. | |||||
| CVE-2005-1654 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 7.5 HIGH | N/A |
| Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set. | |||||
| CVE-2005-1648 | 1 Gurgens | 1 Gurgens Ultimate Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | |||||
| CVE-2005-1647 | 1 Gurgens | 1 Gurgens Guest Book | 2008-09-05 | 7.5 HIGH | N/A |
| Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | |||||
| CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 7.5 HIGH | N/A |
| message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | |||||
| CVE-2005-1641 | 1 The Ignition Project | 1 Ignitionserver | 2008-09-05 | 2.1 LOW | N/A |
| mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not allow protected operators to access channels that have been locked out by a key, which allows IRC users to cause a denial of service. | |||||
| CVE-2005-1640 | 1 The Ignition Project | 1 Ignitionserver | 2008-09-05 | 7.5 HIGH | N/A |
| mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and possibly earlier versions, does not properly verify whether a host has the owner privileges required to delete IRC channel access entries, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2005-1639 | 1 Atinegar | 1 Sigma Isp Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 allows remote attackers to execute arbitrary SQL commands via the (1) username, (2) password, or (3) domain fields. | |||||
| CVE-2005-1638 | 1 Pixel-apes Group | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. | |||||
| CVE-2005-1650 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 7.5 HIGH | N/A |
| The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. | |||||
| CVE-2005-1629 | 1 Photopost | 1 Photopost Php Pro | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter. | |||||
| CVE-2005-1637 | 1 Npds | 1 Npds | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. | |||||
| CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 5.0 MEDIUM | N/A |
| CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2005-1594 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1593 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1587 | 1 Open Solution | 1 Quick.cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | |||||
| CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | |||||
| CVE-2005-1585 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | |||||
| CVE-2005-1584 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. | |||||
| CVE-2005-1583 | 1 1two | 1 1two News | 2008-09-05 | 5.0 MEDIUM | N/A |
| 1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. | |||||
| CVE-2005-1523 | 1 Gnu | 1 Mailutils | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands. | |||||
| CVE-2005-1522 | 1 Gnu | 1 Mailutils | 2008-09-05 | 5.0 MEDIUM | N/A |
| The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows authenticated remote users to cause a denial of service (CPU consumption) via a large range value in the FETCH command. | |||||
| CVE-2005-1474 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 7.5 HIGH | N/A |
| Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install widgets via Safari without prompting the user, a different vulnerability than CVE-2005-1933. | |||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. | |||||
| CVE-2005-1472 | 1 Apple | 1 Mac Os X | 2008-09-05 | 2.1 LOW | N/A |
| Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce the permissions of certain directories without the POSIX read bit set, but with the execute bits set for group or other, which allows local users to list files in otherwise restricted directories. | |||||
| CVE-2005-1448 | 1 S9y | 1 Serendipity | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1447 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. | |||||
| CVE-2005-1446 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 7.5 HIGH | N/A |
| SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket. | |||||
| CVE-2005-1445 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php. | |||||
| CVE-2005-1435 | 1 Open Webmail | 1 Open Webmail | 2008-09-05 | 7.5 HIGH | N/A |
| Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename. | |||||