Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2719 | 1 Flagship Industries | 1 Ventrilo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784. | |||||
| CVE-2005-2720 | 1 Hauri | 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename. | |||||
| CVE-2005-2544 | 1 Comdev | 1 Comdev Ecommerce | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. | |||||
| CVE-2005-2545 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. | |||||
| CVE-2005-2554 | 1 Network Associates | 1 Epolicy Orchestrator Agent | 2017-07-11 | 2.1 LOW | N/A |
| The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field. | |||||
| CVE-2005-2564 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file. | |||||
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. | |||||
| CVE-2005-2734 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2735 | 1 Phpgraphy | 1 Phpgraphy | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2736 | 1 Yapig | 1 Yapig | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2587 | 1 Phptb | 1 Topic Boards | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2005-2590 | 1 Parlano | 1 Mindalign | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2591 | 1 Parlano | 1 Mindalign | 2017-07-11 | 5.0 MEDIUM | N/A |
| Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. | |||||
| CVE-2005-2592 | 1 Parlano | 1 Mindalign | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2017-07-11 | 10.0 HIGH | N/A |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. | |||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2017-07-11 | 7.2 HIGH | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | |||||
| CVE-2005-2599 | 1 Hummingbird | 1 Connectivity | 2017-07-11 | 7.5 HIGH | N/A |
| Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges. | |||||
| CVE-2005-2611 | 1 Symantec Veritas | 3 Backup Exec, Backup Exec Remote Agent, Netbackup | 2017-07-11 | 10.0 HIGH | N/A |
| VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from the NDMP agent to the server, which allows remote attackers to read and write arbitrary files with the backup server. | |||||
| CVE-2005-2613 | 1 Cpaint | 1 Cpaint | 2017-07-11 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. | |||||
| CVE-2005-2620 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. | |||||
| CVE-2005-2630 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-07-11 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094. | |||||
| CVE-2005-2632 | 1 Mediabox404 | 1 Mediabox404 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2005-2634 | 1 Winftp Server | 1 Winftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request. | |||||
| CVE-2005-2635 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php or (2) language parameter to js-form.php. | |||||
| CVE-2005-2636 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter. | |||||
| CVE-2005-2648 | 1 W-agora | 1 W-agora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. | |||||
| CVE-2005-2649 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. | |||||
| CVE-2005-2651 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 7.5 HIGH | N/A |
| gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. | |||||
| CVE-2005-2652 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. | |||||
| CVE-2005-2653 | 1 Bbcaffe | 1 Bbcaffe | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. | |||||
| CVE-2005-2657 | 1 Common-lisp-controller | 1 Common-lisp-controller | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | |||||
| CVE-2005-2662 | 1 Masqmail | 1 Masqmail | 2017-07-11 | 7.5 HIGH | N/A |
| masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message. | |||||
| CVE-2005-2663 | 1 Masqmail | 1 Masqmail | 2017-07-11 | 2.1 LOW | N/A |
| masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. | |||||
| CVE-2005-2687 | 1 Savewebportal | 1 Savewebportal | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | |||||
| CVE-2005-2698 | 1 Nelogic Technologies | 1 Nephp Publisher Enterprise | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter. | |||||
| CVE-2005-2721 | 1 Foojan | 1 Php Weblog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2005-2723 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie. | |||||
| CVE-2005-2724 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. | |||||
| CVE-2005-2725 | 1 Qnx | 1 Rtos | 2017-07-11 | 2.1 LOW | N/A |
| The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files. | |||||
| CVE-2005-2726 | 1 Ari Pikivirta | 1 Home Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR. | |||||
| CVE-2005-2727 | 1 Ari Pikivirta | 1 Home Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst. | |||||
| CVE-2005-2729 | 1 Astaro | 1 Security Linux | 2017-07-11 | 7.5 HIGH | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services. | |||||
| CVE-2005-2730 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. | |||||
| CVE-2005-2733 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-07-11 | 7.5 HIGH | N/A |
| upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-2737 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2738 | 1 Sun | 1 Java | 2017-07-11 | 5.0 MEDIUM | N/A |
| Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | |||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | |||||
| CVE-2005-2744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. | |||||