Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3324 | 1 Appindex | 1 Mwchat | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. | |||||
| CVE-2005-3334 | 1 Flyspray | 1 Flyspray | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters. | |||||
| CVE-2005-3335 | 1 Mantis | 1 Mantis | 2017-07-11 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter. | |||||
| CVE-2005-3675 | 1 Tcp | 1 Tcp | 2017-07-11 | 7.8 HIGH | N/A |
| The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth. | |||||
| CVE-2005-3331 | 1 Rogers Software Source | 1 Mgdiff Patch Viewer | 2017-07-11 | 2.1 LOW | N/A |
| viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2894 | 1 Pblang | 1 Pblang | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. | |||||
| CVE-2005-3026 | 1 Alstrasoft | 1 Epay | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | |||||
| CVE-2005-3333 | 1 Ebase | 1 Ebaseweb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | |||||
| CVE-2005-2815 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 6.4 MEDIUM | N/A |
| print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. | |||||
| CVE-2005-3407 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-2893 | 1 Pblang | 1 Pblang | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | |||||
| CVE-2005-2892 | 1 Pblang | 1 Pblang | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) in the u parameter. | |||||
| CVE-2005-2891 | 1 Csystems | 1 Webarchivex | 2017-07-11 | 6.4 MEDIUM | N/A |
| WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods. | |||||
| CVE-2005-2890 | 1 Secureol | 1 Ve2 | 2017-07-11 | 4.6 MEDIUM | N/A |
| SecureOL VE2 1.05.1008 does not properly restrict public access to physical memory, which allows local users to bypass intended restrictions and gain access to the secured environment via direct access to the PhysicalMemory device. | |||||
| CVE-2005-2888 | 1 Mybulletinboard | 1 Mybulletinboard | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php. | |||||
| CVE-2005-3341 | 1 Dhis Tools | 1 Dns Package | 2017-07-11 | 2.1 LOW | N/A |
| DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | |||||
| CVE-2005-3343 | 1 Tkdiff | 1 Tkdiff | 2017-07-11 | 4.6 MEDIUM | N/A |
| tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2887 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message. | |||||
| CVE-2005-2886 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.73, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via (1) the print parameter to the print module, the sitename parameter to (2) bb_smilies or (3) bbcode_ref module, or (4) the hlpfile parameter to openwindow.php. | |||||
| CVE-2005-2814 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. | |||||
| CVE-2005-3406 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2885 | 1 Maxdev | 1 Md-pro | 2017-07-11 | 7.5 HIGH | N/A |
| The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which could allow remote attackers to bypass file extension checks and execute arbitrary commands by uploading a file with a different extension, as demonstrated using .inc files. | |||||
| CVE-2005-3027 | 1 Sybari | 1 Antigen | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which allows remote attackers to bypass custom filter rules and send file attachments of arbitrary file types via a message with a subject of "Antigen forwarded attachment". | |||||
| CVE-2005-2950 | 1 Sawmill | 1 Sawmill | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through 7.1.13 allows remote attackers to inject arbitrary web script or HTML via the query string in an HTTP GET request. | |||||
| CVE-2005-2951 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in security.inc.php in AzDGDatingLite 2.1.3, and possibly earlier versions, allows remote attackers to execute arbitrary PHP commands via ".." sequences and "%00" (trailing null byte) characters in the l parameter, which is used in an include_once statement. | |||||
| CVE-2005-3344 | 1 Horde | 1 Horde | 2017-07-11 | 10.0 HIGH | N/A |
| The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | |||||
| CVE-2005-3345 | 1 Rssh | 1 Rssh | 2017-07-11 | 7.2 HIGH | N/A |
| rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. | |||||
| CVE-2005-2884 | 1 Neocrome | 1 Land Down Under | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in events.php in Land Down Under (LDU) 801 and earlier allows remote attackers to inject arbitrary web script or HTML via the Description field in an event. | |||||
| CVE-2005-3346 | 1 Osh | 1 Osh | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | |||||
| CVE-2005-3811 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter. | |||||
| CVE-2005-2964 | 1 Abisource | 1 Community Abiword | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. | |||||
| CVE-2005-2963 | 1 Mod Auth Shadow | 1 Mod Auth Shadow | 2017-07-11 | 7.5 HIGH | N/A |
| The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. | |||||
| CVE-2005-2954 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in password_reminder.php in ATutor before 1.5.1 pl1 allows remote attackers to execute arbitrary SQL commands via the email field. | |||||
| CVE-2005-2882 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the LocationID parameter to (1) thankyou.php or (2) day.php, font parameter to (3) calDaily.php, (4) calMonthly.php, (5) calMonthlyP.php, (6) calWeekly.php, (7) calWeeklyP.php, (8) calYearly.php, (9) calYearlyP.php, (10) day.php, or (11) week.php, or (12) CeTi, (13) Contact, (14) Description, (15) ShowAddress parameter to event.php, and other attack vectors. | |||||
| CVE-2005-2881 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 7.5 HIGH | N/A |
| phpCommunityCalendar 4.0.3 allows remote attackers to bypass authentication and gain unauthorized access via a direct request to the admin directory. | |||||
| CVE-2005-2880 | 1 Phpcommunitycalendar | 1 Phpcommunitycalendar | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via the (1) login field in login.php or (2) LocationID parameter to week.php. | |||||
| CVE-2005-2952 | 1 Subscribe Me Pro | 1 Subscribe Me Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
| CVE-2005-2805 | 1 E107 | 1 E107 | 2017-07-11 | 5.0 MEDIUM | N/A |
| forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number. | |||||
| CVE-2005-3368 | 1 Search Enhanced | 1 Search Enhanced | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-2804 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | |||||
| CVE-2005-3655 | 1 Novell | 1 Open Enterprise Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | |||||
| CVE-2005-3096 | 1 Avi Alkalay | 1 Nslookup.cgi | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter. | |||||
| CVE-2005-3111 | 1 Debian | 1 Backupninja | 2017-07-11 | 2.1 LOW | N/A |
| The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. | |||||
| CVE-2005-3595 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 10.0 HIGH | N/A |
| By default Microsoft Windows XP Home Edition installs with a blank password for the Administrator account, which allows remote attackers to gain control of the computer. | |||||
| CVE-2005-3116 | 1 Symantec Veritas | 1 Netbackup | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2005-3095 | 1 Avi Alkalay | 1 Notify | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter. | |||||
| CVE-2005-3588 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the username field. | |||||
| CVE-2005-3094 | 1 Avi Alkalay | 1 Man Cgi | 2017-07-11 | 7.5 HIGH | N/A |
| Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter. | |||||
| CVE-2005-3369 | 1 Woltlab | 1 Burning Board | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. | |||||
