Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3596 | 1 Iisworks | 1 Aspknowledgebase | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPKnowledgebase allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password fields in adminlogin.asp. | |||||
| CVE-2005-3127 | 1 Lucidcms | 1 Lucidcms | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in lucidCMS 1.0.11 allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-3082 | 1 Seo-board | 1 Seo-board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie. | |||||
| CVE-2005-3647 | 1 Winability | 1 Folder Guard | 2017-07-11 | 4.6 MEDIUM | N/A |
| Folder Guard allows local users to bypass protections by running from or installing to the temporary files directory. | |||||
| CVE-2005-3128 | 1 Squirrelmail | 1 Address Add Plugin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for Squirrelmail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. | |||||
| CVE-2005-3129 | 1 S9y | 1 Serendipity | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. | |||||
| CVE-2005-3073 | 1 Interchange Development Group | 1 Interchange | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. | |||||
| CVE-2005-3366 | 1 Php Icalendar | 1 Php Icalendar | 2017-07-11 | 6.8 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher. | |||||
| CVE-2005-3072 | 1 Interchange Development Group | 1 Interchange | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pages/forum/submit.html in Interchange 4.9.3 up to 5.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3648 | 1 Moodle | 1 Moodle | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the get_record function in datalib.php in Moodle 1.5.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) category.php and (2) info.php. | |||||
| CVE-2005-3431 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition. | |||||
| CVE-2005-3060 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3136 | 1 Virtools | 1 Web Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. | |||||
| CVE-2005-3530 | 1 Antville | 1 Antville | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote attackers to inject arbitrary web script or HTML via the notfound.skin error document. | |||||
| CVE-2005-3137 | 1 Gnu | 1 Cfengine | 2017-07-11 | 2.1 LOW | N/A |
| The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960. | |||||
| CVE-2005-3636 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SAP Web Application Server (WAS) 6.10 allows remote attackers to inject arbitrary web script or HTML via Error Pages. | |||||
| CVE-2005-2865 | 1 Amember | 1 Amember | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | |||||
| CVE-2005-3635 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SAP Web Application Server (WAS) 6.10 through 7.00 allow remote attackers to inject arbitrary web script or HTML via (1) the sap-syscmd in sap-syscmd and (2) the BspApplication field in the SYSTEM PUBLIC test application. | |||||
| CVE-2005-3138 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. | |||||
| CVE-2005-3664 | 2 F-secure, Kaspersky Lab | 3 F-secure Anti-virus, Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file. | |||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | |||||
| CVE-2005-3139 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. | |||||
| CVE-2005-3142 | 1 Kaspersky Lab | 4 Kaspersky Anti-virus, Kaspersky Anti-virus Personal, Kaspersky Anti-virus Personal Pro and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and Kaspersky Personal Security Suite 1.1 allows remote attackers to execute arbitrary code via a CAB file with large records after the header. | |||||
| CVE-2005-3475 | 1 Hasbani Web Server | 1 Hasbani Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests. | |||||
| CVE-2005-3152 | 1 Devellion | 1 Cubecart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the redir parameter to (1) cart.php or (2) index.php, or (3) the searchStr parameter in a viewCat action to index.php. Note: vectors (1) and (2) were later reported to affect 3.0.7-pl1. | |||||
| CVE-2005-3236 | 1 Cynox | 1 Cyphor | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php. | |||||
| CVE-2005-3043 | 1 Mall23 | 1 Mall23 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idOption_Dropdown_2 parameter. | |||||
| CVE-2005-3514 | 1 Chipmunk Scripts | 1 Chipmunk Forum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php. | |||||
| CVE-2005-3161 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | |||||
| CVE-2005-3682 | 1 Wizz Forum | 1 Wizz Forum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php. | |||||
| CVE-2005-3470 | 1 Mailscanner | 1 Mailscanner | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands. | |||||
| CVE-2005-3660 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 4.9 MEDIUM | N/A |
| Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference. | |||||
| CVE-2005-3430 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension. | |||||
| CVE-2005-3515 | 1 Chipmunk Scripts | 1 Chipmunk Topsites | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter. | |||||
| CVE-2005-3516 | 1 Chipmunk Scripts | 1 Chipmunk Directory | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter. | |||||
| CVE-2005-3517 | 1 Chipmunk Scripts | 1 Chipmunk Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php. | |||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 2.1 LOW | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | |||||
| CVE-2005-3188 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 7.6 HIGH | N/A |
| Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476. | |||||
| CVE-2005-3569 | 1 Ibm | 1 Db2 Content Manager | 2017-07-11 | 5.0 MEDIUM | N/A |
| INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX allows attackers to cause a denial of service (application crash) via unknown attack vectors involving LZH files. | |||||
| CVE-2005-3020 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to css.php, (2) redirect parameter to index.php, (3) email parameter to user.php, (4) goto parameter to language.php, (5) orderby parameter to modlog.php, and the (6) hex, (7) rgb, or (8) expandset parameter to template.php. | |||||
| CVE-2005-3194 | 1 Estsoft | 1 Alzip | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), and 5.52 (English) allow remote attackers to execute arbitrary code via a long filename in a compressed (1) ALZ, (2) ARJ, (3) ZIP, (4) UUE, or (5) XXE archive. | |||||
| CVE-2005-1005 | 1 Profitcode | 1 Payprocart | 2017-07-11 | 7.5 HIGH | N/A |
| ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter. | |||||
| CVE-2005-0637 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory. | |||||
| CVE-2005-0652 | 1 Hp | 1 Openvms | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files. | |||||
| CVE-2005-0657 | 1 Computalynx | 1 Cproxy | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP request. | |||||
| CVE-2005-0663 | 1 Mercuryboard | 1 Mercuryboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. | |||||
| CVE-2005-0669 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module. | |||||
| CVE-2005-0670 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts. | |||||
| CVE-2005-1391 | 1 Apsis | 1 Pound | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | |||||
| CVE-2005-0681 | 1 Nokia | 1 Series | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname. | |||||
