Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1181 | 1 Ariadne | 1 Ariadne Cms | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor has disputed this issue, saying that loader.php first requires the "ariadne.inc" file, which defines the $ariadne variable, and thus it cannot be modified by an attacker. In addition, CVE personnel have partially verified the dispute via source code inspection of Ariadne 2.4 as available on July 5, 2005. | |||||
| CVE-2005-1182 | 1 Ibm | 1 Os 400 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs. | |||||
| CVE-2005-1183 | 1 Mvnforum | 1 Mvnforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter. | |||||
| CVE-2005-1185 | 1 Musicmatch | 1 Jukebox | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe. | |||||
| CVE-2005-1186 | 1 Musicmatch | 1 Jukebox | 2017-07-11 | 6.8 MEDIUM | N/A |
| Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks. | |||||
| CVE-2005-1187 | 1 X-ways Software Technology Ag | 1 Winhex | 2017-07-11 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument. NOTE: since this overflow is in the command line of an unprivileged program, it is highly likely that this is not a vulnerability. | |||||
| CVE-2005-1188 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter. | |||||
| CVE-2005-1189 | 1 Webcamxp | 1 Webcamxp Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites. | |||||
| CVE-2005-1190 | 1 Webcamxp | 1 Webcamxp Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered. | |||||
| CVE-2005-1193 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:, (2) applet:, (3) about:, (4) activex:, (5) chrome:, or (6) script: URI scheme, as demonstrated using the URL tag. | |||||
| CVE-2005-1195 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code. | |||||
| CVE-2005-1200 | 1 Azbb | 1 Az Bulletin Board | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1201 | 1 Azbb | 1 Az Bulletin Board | 2017-07-11 | 6.4 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in AZ Bulletin Board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist. | |||||
| CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2017-07-11 | 7.5 HIGH | N/A |
| Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | |||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-1222 | 1 Netref | 1 Netref | 2017-07-11 | 7.5 HIGH | N/A |
| cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | |||||
| CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | |||||
| CVE-2005-1225 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | |||||
| CVE-2005-1226 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-11 | 7.5 HIGH | N/A |
| Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1227 | 1 Phprojekt | 1 Phprojekt | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. | |||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2017-07-11 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | |||||
| CVE-2005-1233 | 1 Php Labs | 1 Profile | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters. | |||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2017-07-11 | 7.5 HIGH | N/A |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | |||||
| CVE-2005-1239 | 1 Raz-lee | 1 Security\+\+\+ | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1240 | 1 Castlehill | 1 Secure Net | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2017-07-11 | 7.5 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." | |||||
| CVE-2005-1245 | 1 Mediawiki | 1 Mediawiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1270 | 1 Gentoo | 1 Rootkit Hunter | 2017-07-11 | 2.1 LOW | N/A |
| The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1282 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | |||||
| CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | |||||
| CVE-2005-1284 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | |||||
| CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. | |||||
| CVE-2005-1292 | 1 Elemental Software | 1 Cartwiz | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. | |||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X use the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | |||||
| CVE-2005-1323 | 1 Intersoft | 1 Netterm | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2005-1324 | 1 Matthieu Aubry | 1 Phpmyvisites | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters. | |||||
| CVE-2005-1347 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 2.6 LOW | N/A |
| ** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED. | |||||
| CVE-2005-1349 | 1 Perl | 1 Convert Uulib | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | |||||
| CVE-2005-1360 | 1 Graycms | 1 Graycms | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1361 | 1 Metalinks | 1 Metacart E-shop | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. | |||||
| CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | |||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2005-1371 | 1 Bulletproof | 1 Bulletproof Ftp Server | 2017-07-11 | 7.2 HIGH | N/A |
| BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | |||||
| CVE-2005-1372 | 1 Bakbone | 1 Netvault | 2017-07-11 | 4.6 MEDIUM | N/A |
| nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. | |||||
| CVE-2005-1373 | 1 Dream4 | 1 Koobi Cms | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | |||||
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | |||||
| CVE-2005-1375 | 1 Claroline | 1 Claroline | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | |||||
