Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0650 | 1 Projectbb | 1 Projectbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section. | |||||
| CVE-2005-0266 | 1 Sugarcrm | 1 Sugarcrm | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) return_module, (2) return_action, (3) name, (4) module, or (5) record parameter. | |||||
| CVE-2005-0412 | 1 Spidean | 1 Postwrap | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. | |||||
| CVE-2005-0229 | 1 Citrusdb | 1 Citrusdb Customer Database | 2017-07-11 | 5.0 MEDIUM | N/A |
| CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file under the web root, which allows remote attackers to steal credit card information via a direct request to newfile.txt. | |||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | |||||
| CVE-2005-0225 | 1 Firehol | 1 Firehol | 2017-07-11 | 2.1 LOW | N/A |
| firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-2093 | 1 Oracle | 1 Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-0267 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 7.5 HIGH | N/A |
| index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive. | |||||
| CVE-2005-0222 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message. | |||||
| CVE-2005-0221 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 Alpha allows remote attackers to inject arbitrary web script or HTML via the g2_form[subject] field. | |||||
| CVE-2005-0220 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field. | |||||
| CVE-2005-0219 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php. | |||||
| CVE-2005-0268 | 1 Flatnuke | 1 Flatnuke | 2017-07-11 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field. | |||||
| CVE-2005-0269 | 1 Sir | 1 Gnuboard | 2017-07-11 | 7.5 HIGH | N/A |
| The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters. | |||||
| CVE-2005-0217 | 1 Invision Power Services | 1 Invision Community Blog | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter. | |||||
| CVE-2005-0215 | 1 Mozilla | 1 Mozilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value. | |||||
| CVE-2005-0214 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter. | |||||
| CVE-2005-0213 | 1 Webtoolmaster Software | 1 Winhki | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. | |||||
| CVE-2005-0212 | 1 Amp | 1 Amp Ii 3d Game Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet. | |||||
| CVE-2005-2092 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-0270 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php. | |||||
| CVE-2005-0271 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php. | |||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | |||||
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | |||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | |||||
| CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-2091 | 1 Ibm | 1 Websphere Application Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | |||||
| CVE-2005-0272 | 1 Photopost | 1 Reviewpost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions. | |||||
| CVE-2005-0273 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter. | |||||
| CVE-2005-0424 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. | |||||
| CVE-2005-0274 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters. | |||||
| CVE-2005-0199 | 1 Ngircd | 1 Ngircd | 2017-07-11 | 7.5 HIGH | N/A |
| Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | |||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | |||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2017-07-11 | 5.0 MEDIUM | N/A |
| The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | |||||
| CVE-2005-0275 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name. | |||||
| CVE-2005-0193 | 1 Isync | 1 Mrouter | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. | |||||
| CVE-2005-0276 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands. | |||||
| CVE-2005-0188 | 1 Athoc | 1 Athoc Toolbar | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log. | |||||
| CVE-2005-0187 | 1 Athoc | 1 Athoc Toolbar | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. | |||||
| CVE-2005-0185 | 1 Mnet Soft Factory | 1 Nodemanager Professional | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. | |||||
| CVE-2005-0184 | 1 Squirrelmail | 1 Vacation Plugin | 2017-07-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request. | |||||
| CVE-2005-0183 | 1 Squirrelmail | 1 Vacation Plugin | 2017-07-11 | 7.2 HIGH | N/A |
| ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. | |||||
| CVE-2005-0182 | 1 Mod Dosevasive | 1 Mod Dosevasive | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-0277 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls. | |||||
| CVE-2005-0159 | 1 Debian | 2 Debian Linux, Toolchain-source | 2017-07-11 | 4.6 MEDIUM | N/A |
| The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0278 | 1 3com | 1 3cdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message. | |||||
| CVE-2005-0279 | 1 Jowood Productions | 1 Soldner Secret Wars | 2017-07-11 | 5.0 MEDIUM | N/A |
| Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet. | |||||
| CVE-2005-0280 | 1 Jowood Productions | 1 Soldner Secret Wars | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message. | |||||
| CVE-2005-0140 | 1 Peid | 1 Peid | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name. | |||||
