Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2193 | 1 Punbb | 1 Punbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | |||||
| CVE-2005-2111 | 1 Community Link Pro Web Editor | 1 Community Link Pro Web Editor | 2016-10-18 | 7.5 HIGH | N/A |
| login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | |||||
| CVE-2005-2112 | 1 Xoops | 1 Xoops | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | |||||
| CVE-2005-2113 | 1 Xoops | 1 Xoops | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | |||||
| CVE-2005-2115 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | |||||
| CVE-2005-2220 | 1 Incredible Interactive | 1 Dragonfly Commerce | 2016-10-18 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Dragonfly Commerce allows remote attackers to change a product price by modifying the x_DragonflyCartProductPrice hidden field to (1) dc_Categorieslist.asp, (2) dc_Categoriesview.asp, (3) dc_productslist.asp, and (4) dc_productslist_Clearance.asp. NOTE: the vendor has disputed this issue, saying that "Dragonfly Commerce does not allow for editing prices nor does it allow for viewing information about clients stored in the database except by the store owner and authorized staff as appointed in the store administration." However, SecurityTracker claims that they have been able to confirm the problem. | |||||
| CVE-2005-2227 | 1 Softiacom | 1 Wmailserver | 2016-10-18 | 7.2 HIGH | N/A |
| Softiacom wMailserver 1.0 stores passwords in plaintext in the Darsite\MAILSRV\Admin key, which allows local users to gain administrator privileges. | |||||
| CVE-2005-2229 | 1 Blog Torrent | 1 Blog Torrent | 2016-10-18 | 7.5 HIGH | N/A |
| Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such as account names and password hashes, as demonstrated using data/newusers. | |||||
| CVE-2005-2064 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp. | |||||
| CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | |||||
| CVE-2005-2063 | 1 Active Web Softwares | 1 Activebuyandsell | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp. | |||||
| CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | |||||
| CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | |||||
| CVE-2005-2049 | 1 Duware | 1 Duclassmate | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | |||||
| CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2016-10-18 | 5.0 MEDIUM | N/A |
| im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | |||||
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-2005-2009 | 1 Ublog | 1 Reload | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | |||||
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. | |||||
| CVE-2005-2011 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta 4 allow remote attackers to inject arbitrary web script or HTML, as demonstrated via the id parameter in a Question action. | |||||
| CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2012 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | |||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 5.0 MEDIUM | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2016-10-18 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | |||||
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2016-10-18 | 4.6 MEDIUM | N/A |
| The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | |||||
| CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | |||||
| CVE-2005-2106 | 1 Drupal | 1 Drupal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | |||||
| CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||||
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||||
| CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2016-10-18 | 5.0 MEDIUM | N/A |
| Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
| CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | |||||
| CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | |||||
| CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2016-10-18 | 7.5 HIGH | N/A |
| hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | |||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | |||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-18 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | |||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | |||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | |||||
| CVE-2005-1955 | 1 Singapore | 1 Singapore | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
| CVE-2005-2000 | 1 Php Arena | 1 Pafiledb | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. | |||||