Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0685 | 1 Outstart | 1 Participate Enterprise | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple access validation errors in OutStart Participate Enterprise (PE) allow remote attackers to (1) browse arbitrary directory trees by modifying the rootFolder parameter to displaynavigator.jsp, (2) rename arbitrary directory objects by modifying the selectedObject parameter to renamepopup.jsp, (3) delete arbitrary directory objects by modifying the selectedObjectsCSV parameter to displaydeletenavigator.jsp, and conduct other unauthorized activities via the (4) showDeleteView, (5) showWebFolderView, (6) showLibraryView, (7) showMyLibraryView, (8) singleSelectObject, (9) processRadioSelection, (10) processCheckboxSelection, (11) singleSelectObject, (12) addToSelectedObjects, or (13) removeFromSelectedObjects commands. | |||||
| CVE-2005-0707 | 1 Ipswitch | 1 Ipswitch Collaboration Suite | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command. | |||||
| CVE-2005-0719 | 1 Hp | 1 Tru64 | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd. | |||||
| CVE-2005-0729 | 1 Techland | 1 Xpand Rally | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message. | |||||
| CVE-2005-0730 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt. | |||||
| CVE-2005-0731 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to Filelist.html. | |||||
| CVE-2005-0732 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message. | |||||
| CVE-2005-0733 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not. | |||||
| CVE-2005-0734 | 1 Py Software | 1 Active Webcam | 2017-07-11 | 5.0 MEDIUM | N/A |
| PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests. | |||||
| CVE-2005-0743 | 1 Xoops | 1 Xoops | 2017-07-11 | 7.5 HIGH | N/A |
| The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered. | |||||
| CVE-2005-0744 | 1 Novell | 1 Ichain | 2017-07-11 | 10.0 HIGH | N/A |
| The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser. | |||||
| CVE-2005-0746 | 1 Novell | 1 Ichain | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. | |||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | |||||
| CVE-2005-0774 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | |||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | |||||
| CVE-2005-0777 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. | |||||
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | |||||
| CVE-2005-0781 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | |||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2005-0786 | 1 Simpgb | 1 Simpgb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | |||||
| CVE-2005-0787 | 1 Wine | 1 Wine | 2017-07-11 | 2.1 LOW | N/A |
| Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | |||||
| CVE-2005-0788 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | |||||
| CVE-2005-0841 | 1 Phpmyfamily | 1 Phpmyfamily | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field. | |||||
| CVE-2005-0789 | 1 Limewire | 1 Limewire | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. | |||||
| CVE-2005-0790 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0791 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. | |||||
| CVE-2005-0792 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. | |||||
| CVE-2005-0794 | 1 Zpanel | 1 Zpanel | 2017-07-11 | 6.4 MEDIUM | N/A |
| ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. | |||||
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2017-07-11 | 5.0 MEDIUM | N/A |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | |||||
| CVE-2005-0802 | 1 Asp Press | 1 Acs Blog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-0807 | 1 Oxid | 1 Cain And Abel | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | |||||
| CVE-2005-0848 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2005-0821 | 1 Citrix | 1 Metaframe Conferencing Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. | |||||
| CVE-2005-0823 | 1 Thepoolclub | 2 Ipool, Isnooker | 2017-07-11 | 4.6 MEDIUM | N/A |
| ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. | |||||
| CVE-2005-0826 | 1 Ollydbg | 1 Ollydbg | 2017-07-11 | 5.0 MEDIUM | N/A |
| OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename. | |||||
| CVE-2005-0827 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message. | |||||
| CVE-2005-0828 | 3 Ciamos, E-xoops, Runcms | 3 Ciamos, E-xoops, Runcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php. | |||||
| CVE-2005-0837 | 1 Icecast | 1 Icecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). | |||||
| CVE-2005-0838 | 1 Icecast | 1 Icecast | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag. | |||||
| CVE-2005-0854 | 1 Betaparticle | 1 Betaparticle Blog | 2017-07-11 | 7.5 HIGH | N/A |
| betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp. | |||||
| CVE-2005-0857 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter. | |||||
| CVE-2005-0919 | 1 Adventia | 2 Adventia Chat, Adventia Server Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks. | |||||
| CVE-2005-0858 | 1 Coolforum | 1 Coolforum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php. | |||||
| CVE-2005-0861 | 1 Delegate | 1 Delegate | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays." | |||||
| CVE-2005-0863 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php. | |||||
| CVE-2005-0869 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0870 | 1 Phpsysinfo | 1 Phpsysinfo | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php. | |||||