Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3025 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php. | |||||
| CVE-2005-3062 | 1 Alstrasoft | 1 E-friends | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in AlstraSoft E-Friends 4.0 allows remote attackers to execute arbitrary PHP code via the mode parameter. | |||||
| CVE-2005-3090 | 1 Mantis | 1 Mantis | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is used to delete the bug, as identified by bug#0006002, a different vulnerability than CVE-2005-2557. | |||||
| CVE-2005-2899 | 1 Cj Design | 1 Cj Tag Board | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in details.php in CjTagBoard 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) date, (2) time, (3) name, (4) ip, (5) agent, or (6) msg parameter. | |||||
| CVE-2005-2953 | 1 Miva | 1 Miva Merchant | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA Merchant 5 allows remote attackers to inject arbitrary web script or HTML via the Customer_Login parameter. | |||||
| CVE-2005-2956 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-18 | 5.0 MEDIUM | N/A |
| ATutor 1.5.1, and possibly earlier versions, stores temporary chat logs under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain user chat conversations via direct requests to those files. | |||||
| CVE-2005-2957 | 1 Avira | 1 Desktop | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 with AVPACK32.DLL 6.31.0.3, when archive scanning is enabled, allows remote attackers to execute arbitrary code via a long filename in an ACE archive. | |||||
| CVE-2005-2955 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-18 | 4.6 MEDIUM | N/A |
| config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. | |||||
| CVE-2005-2900 | 1 Cj Desing | 1 Cjlinkout | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 allows remote attackers to inject arbitrary web script or HTML via the 123 parameter. | |||||
| CVE-2005-2897 | 1 Stylemotion | 1 Web News | 2016-10-18 | 5.0 MEDIUM | N/A |
| WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php. | |||||
| CVE-2005-2945 | 1 Arc | 1 Arc | 2016-10-18 | 2.1 LOW | N/A |
| arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). | |||||
| CVE-2005-2982 | 1 Compaq | 1 Compaqhttpserver | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting 404 error page. | |||||
| CVE-2005-2878 | 1 Gnu | 1 Mailutils | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command. | |||||
| CVE-2005-2948 | 1 Killprocess | 1 Killprocess | 2016-10-18 | 2.1 LOW | N/A |
| KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess. | |||||
| CVE-2005-2904 | 1 Zebedee | 1 Zebedee | 2016-10-18 | 5.0 MEDIUM | N/A |
| Zebedee 2.4.1, when "allowed redirection port" is not set, allows remote attackers to cause a denial of service (application crash) via a zero in the port number of the protocol option header, which triggers an assert error in the makeConnection function in zebedee.c. | |||||
| CVE-2005-2879 | 1 Advansysperu Software | 1 Usb Lock Auto-protect | 2016-10-18 | 2.1 LOW | N/A |
| Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection. | |||||
| CVE-2005-2889 | 1 Checkpoint | 1 Connectra Ngx | 2016-10-18 | 7.5 HIGH | N/A |
| Check Point NGX R60 does not properly verify packets against the predefined service group "CIFS" rule, which allows remote attackers to bypass intended restrictions. | |||||
| CVE-2005-2877 | 1 Twiki | 1 Twiki | 2016-10-18 | 7.5 HIGH | N/A |
| The history (revision control) function in TWiki 02-Sep-2004 and earlier allows remote attackers to execute arbitrary code via shell metacharacters, as demonstrated via the rev parameter to TWikiUsers. | |||||
| CVE-2005-2949 | 1 Mark D. Roth | 1 Pam Per User | 2016-10-18 | 7.5 HIGH | N/A |
| pam_per_user before 0.4 does not verify if the user name changes between authentication attempts and uses the same subrequest handle, which allows remote attackers or local users to login as other users by using certain applications that allow the username to be changed during authentication, such as /bin/login. | |||||
| CVE-2005-2918 | 1 Gtkdiskfree | 1 Gtkdiskfree | 2016-10-18 | 5.0 MEDIUM | N/A |
| The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. | |||||
| CVE-2005-2901 | 1 Cj Desing | 1 Cjweb2mail | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) message, or (3) ip parameter to thankyou.php or (4) emsg parameter to web2mail.php. | |||||
| CVE-2005-2780 | 1 Neocrome | 1 Land Down Under | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature. | |||||
| CVE-2005-2864 | 1 Urban | 1 Urban | 2016-10-18 | 2.1 LOW | N/A |
| URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. | |||||
| CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2016-10-18 | 5.0 MEDIUM | N/A |
| The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. | |||||
| CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2016-10-18 | 6.4 MEDIUM | N/A |
| Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | |||||
| CVE-2005-2863 | 1 Open Webmail | 1 Open Webmail | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | |||||
| CVE-2005-2816 | 1 Greymatter | 1 Greymatter Forum | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. | |||||
| CVE-2005-2766 | 1 Symantec | 1 Norton Antivirus | 2016-10-18 | 2.1 LOW | N/A |
| Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server. | |||||
| CVE-2005-2862 | 1 Road Runner | 1 Adsl Road Runner Modem | 2016-10-18 | 7.5 HIGH | N/A |
| ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. | |||||
| CVE-2005-2860 | 1 Nikto | 1 Nikto | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | |||||
| CVE-2005-2846 | 1 Cmsmadesimple | 1 Cms Made Simple | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. | |||||
| CVE-2005-2847 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2016-10-18 | 7.5 HIGH | N/A |
| img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | |||||
| CVE-2005-2786 | 1 Cosmoshop | 1 Cosmoshop | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | |||||
| CVE-2005-2810 | 1 Urban | 1 Urban | 2016-10-18 | 7.2 HIGH | N/A |
| Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc. | |||||
| CVE-2005-2778 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. | |||||
| CVE-2005-2697 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282. | |||||
| CVE-2005-2718 | 1 Mplayer | 1 Mplayer | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk. | |||||
| CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2016-10-18 | 5.0 MEDIUM | N/A |
| IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | |||||
| CVE-2005-2623 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-18 | 5.0 MEDIUM | N/A |
| ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost. | |||||
| CVE-2005-2624 | 1 Cpaint | 1 Cpaint | 2016-10-18 | 5.0 MEDIUM | N/A |
| Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. | |||||
| CVE-2005-2625 | 1 Cpaint | 1 Cpaint | 2016-10-18 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist. | |||||
| CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | |||||
| CVE-2005-2637 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. | |||||
| CVE-2005-2638 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php. | |||||
| CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | |||||
| CVE-2005-2640 | 3 Juniper, Neoteris, Netscreen | 16 Netscreen-5gt, Netscreen-idp, Netscreen-idp 10 and 13 more | 2016-10-18 | 5.0 MEDIUM | N/A |
| Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. | |||||
| CVE-2005-2643 | 1 Tor | 1 Tor | 2016-10-18 | 5.0 MEDIUM | N/A |
| Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. | |||||
| CVE-2005-2664 | 1 Whisper32 | 1 Whisper32 | 2016-10-18 | 2.1 LOW | N/A |
| Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. | |||||
| CVE-2005-2665 | 1 Elm Development Group | 1 Elm | 2016-10-18 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. | |||||
| CVE-2005-2674 | 1 Neocrome | 1 Land Down Under | 2016-10-18 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." | |||||