Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2675 | 1 Neocrome | 1 Land Down Under | 2016-10-18 | 7.5 HIGH | N/A |
| ** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." | |||||
| CVE-2005-2683 | 1 Phpkit | 1 Phpkit | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | |||||
| CVE-2005-2699 | 1 Phpkit | 1 Phpkit | 2016-10-18 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE. | |||||
| CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | |||||
| CVE-2005-2731 | 1 Astaro | 1 Security Linux | 2016-10-18 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl. | |||||
| CVE-2005-2732 | 1 Awstats | 1 Awstats | 2016-10-18 | 5.0 MEDIUM | N/A |
| AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | |||||
| CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 2.1 LOW | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | |||||
| CVE-2005-2582 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2016-10-18 | 3.6 LOW | N/A |
| Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. | |||||
| CVE-2005-2552 | 1 Hp | 1 Proliant Dl585 | 2016-10-18 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." | |||||
| CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 7.5 HIGH | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | |||||
| CVE-2005-2538 | 1 Flatnuke | 1 Flatnuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | |||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 7.2 HIGH | N/A |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. | |||||
| CVE-2005-2556 | 1 Mantis | 1 Mantis | 2016-10-18 | 7.5 HIGH | N/A |
| core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956. | |||||
| CVE-2005-2621 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-18 | 5.0 MEDIUM | N/A |
| index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. | |||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | |||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template. | |||||
| CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||||
| CVE-2005-2579 | 1 Nortel | 1 Contivity | 2016-10-18 | 7.2 HIGH | N/A |
| Nortel Contivity VPN Client V05_01.030, when configuring a certificate to be used as authentication, does not properly drop system privileges, which allows local users to gain privileges by opening a program with the File Open dialog box. | |||||
| CVE-2005-2577 | 1 Wyse | 1 Winterm | 2016-10-18 | 5.0 MEDIUM | N/A |
| Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote attackers to cause a denial of service (device crash) via a packet with a zero in the IP option length field. | |||||
| CVE-2005-2561 | 1 Myfaq | 1 Myfaq | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3. | |||||
| CVE-2005-2560 | 1 Ader Software | 1 Cfbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-2542 | 1 Invision Power Services | 1 Invision Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | |||||
| CVE-2005-2543 | 1 Comdev | 1 Comdev Ecommerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter. | |||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | |||||
| CVE-2005-2571 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 6.4 MEDIUM | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php. | |||||
| CVE-2005-2546 | 1 Arab Portal | 1 Arab Portal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called. | |||||
| CVE-2005-2559 | 1 E107 | 1 E107 | 2016-10-18 | 7.5 HIGH | N/A |
| doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such as ">" and "&" in the eping_host parameter, which is not handled by the validation function. | |||||
| CVE-2005-2585 | 1 Mentor | 1 Adslfr4ii | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. | |||||
| CVE-2005-2576 | 1 Calogic | 1 Calogic | 2016-10-18 | 5.0 MEDIUM | N/A |
| CaLogic 1.22, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) doclsqlres.php, (2) clmcpreload.php, (3) viewhistlog.php, (4) mcconfig.php, (5) doclsqlbak.php, (6) defcalsel.php, or (7) cl_minical.php, which reveals the path in an error message. | |||||
| CVE-2005-2566 | 1 Openbb | 1 Openbb | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter to board.php or (2) UID parameter to member.php. | |||||
| CVE-2005-2567 | 1 Syscp Team | 1 Syscp | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. | |||||
| CVE-2005-2568 | 1 Syscp Team | 1 Syscp | 2016-10-18 | 7.5 HIGH | N/A |
| Eval injection vulnerability in the template engine for SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via a string containing the code within "{" and "}" (curly bracket) characters, which are processed by the PHP eval function. | |||||
| CVE-2005-2569 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard 0.66CF, and possibly earlier versions, allow remote attackers to inject arbitrary web script or HTML via the fbusername or fbpassword parameter to (1) editpost.php, (2) prefs.php, (3) newtopic.php, (4) reply.php, or (5) profile.php, the (6) fbusername, (7) fmail, (8) www, (9) icq, (10) yim, (11) location, (12) sex, (13) interebbies, (14) sig or (15) aim parameter to register.php, or (16) subject parameter to newtopic.php. | |||||
| CVE-2005-2570 | 1 Funkboard | 1 Funkboard | 2016-10-18 | 5.0 MEDIUM | N/A |
| FunkBoard 0.66CF, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to forums.php, which reveals the path in an error message. | |||||
| CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 6.4 MEDIUM | N/A |
| Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | |||||
| CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 2.1 LOW | N/A |
| Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
| CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2016-10-18 | 5.0 MEDIUM | N/A |
| ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | |||||
| CVE-2005-2460 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | |||||
| CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2016-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | |||||
| CVE-2005-2431 | 1 Gforge | 1 Gforge | 2016-10-18 | 5.0 MEDIUM | N/A |
| The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | |||||
| CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2016-10-18 | 7.5 HIGH | N/A |
| login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | |||||
| CVE-2005-2468 | 1 Mysql | 1 Eventum | 2016-10-18 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | |||||
| CVE-2005-2467 | 1 Mysql | 1 Eventum | 2016-10-18 | 5.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | |||||
| CVE-2005-2465 | 2 Pc-experience, Toppe | 2 Pc-experience, Toppe Cms | 2016-10-18 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. | |||||
| CVE-2005-2298 | 1 Softwin | 1 Bitdefender Engine | 2016-10-18 | 5.0 MEDIUM | N/A |
| BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. | |||||
| CVE-2005-2297 | 1 Sybase | 1 Easerver | 2016-10-18 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | |||||
| CVE-2005-2379 | 1 Oracle | 1 Reports | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports 9.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) debug parameter to showenv, (2) test parameter to parsequery, or (3) delimiter or (4) CELLWRAPPER parameter to rwservlet. | |||||
| CVE-2005-2296 | 1 Yabb | 1 Yabb | 2016-10-18 | 5.0 MEDIUM | N/A |
| YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | |||||
| CVE-2005-2346 | 1 Novell | 1 Groupwise | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section. | |||||