Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0843 1 Phorum 1 Phorum 2016-10-18 5.0 MEDIUM N/A
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.
CVE-2005-0909 1 Tkais Shoutbox 1 Tkais Shoutbox 2016-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter.
CVE-2005-0905 1 Maxthon 1 Maxthon 2016-10-18 2.6 LOW N/A
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
CVE-2005-0903 1 Apple 1 Quicktime Pictureviewer 2016-10-18 2.6 LOW N/A
Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
CVE-2005-0928 1 Photopost 1 Photopost Php Pro 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.
CVE-2005-0902 1 Nukebookmarks 1 Nukebookmarks 2016-10-18 7.5 HIGH N/A
SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2005-0901 1 Nukebookmarks 1 Nukebookmarks 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter.
CVE-2005-0900 1 Nukebookmarks 1 Nukebookmarks 2016-10-18 5.0 MEDIUM N/A
marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveals the path in an error message.
CVE-2005-0899 1 Ibm 1 Os 400 2016-10-18 2.1 LOW N/A
AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.
CVE-2005-0929 1 Photopost 1 Photopost Php Pro 2016-10-18 7.5 HIGH N/A
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
CVE-2005-0898 1 Magicscripts 1 E-store Kit-2 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.
CVE-2005-0935 1 Esmi 1 Paypal Storefront 2016-10-18 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
CVE-2005-0936 1 Esmi 1 Paypal Storefront 2016-10-18 5.0 MEDIUM N/A
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2005-0938 1 Uapplication 1 Ublog Reload 2016-10-18 5.0 MEDIUM N/A
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.
CVE-2005-0897 1 Magicscripts 1 E-store Kit-2 2016-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.
CVE-2005-0895 1 Netcomm 1 Nb1300 2016-10-18 5.0 MEDIUM N/A
Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets.
CVE-2005-0894 1 Openmosixview 1 Openmosixview 2016-10-18 3.6 LOW N/A
OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.
CVE-2005-0946 1 Coinsoft Technologies 1 Phpcoin 2016-10-18 7.5 HIGH N/A
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the (1) term/keywords field on the search page, (2) username or (3) e-mail field on the forgot password page, or (4) domain name on the ordering new package page.
CVE-2005-0893 1 Smail 1 Smail 2016-10-18 7.6 HIGH N/A
modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc.
CVE-2005-0892 1 Smail 1 Smail 2016-10-18 10.0 HIGH N/A
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands.
CVE-2005-0875 1 Cerulean Studios 1 Trillian 2016-10-18 5.0 MEDIUM N/A
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVE-2005-0874 1 Cerulean Studios 1 Trillian 2016-10-18 5.0 MEDIUM N/A
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.
CVE-2005-0873 1 Oracle 1 10g Reports Server 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.
CVE-2005-0842 1 Kayako 1 Esupport 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
CVE-2005-0868 4 Bosanova, Ibm, Mochasoft and 1 more 4 Launcher400, Client Access, Tn5250 and 1 more 2016-10-18 7.5 HIGH N/A
AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allow malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.
CVE-2005-0846 1 Netwin 1 Surgemail 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.
CVE-2005-0845 1 Netwin 1 Surgemail 2016-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a .. (dot dot) in the attach_id parameter.
CVE-2005-0836 1 Sun 1 J2se 2016-10-18 10.0 HIGH N/A
Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.
CVE-2005-0726 1 Ubbcentral 1 Ubb.threads 2016-10-18 7.5 HIGH N/A
SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.
CVE-2005-0798 1 Novell 1 Ichain 2016-10-18 7.5 HIGH N/A
Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does not limit the number of incorrect logins, which makes it easier for remote attackers to conduct brute force login attacks.
CVE-2005-0768 1 Goodtech Systems 1 Goodtech Telnet Server 2016-10-18 10.0 HIGH N/A
Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.
CVE-2005-0770 1 Datarescue 1 Ida Pro 2016-10-18 7.5 HIGH N/A
Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name.
CVE-2005-0723 1 Php Arena 1 Pafiledb 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which are not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php.
CVE-2005-0722 1 Experience2 1 Experience2 2016-10-18 5.0 MEDIUM N/A
eXPerience2 allows remote attackers to obtain the full path for the web root via a direct request to modules.php without any parameters, which leaks the path in a PHP error message.
CVE-2005-0801 1 Includer.cgi 1 Includer.cgi 2016-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a .. (dot dot) or (2) a full pathname in the URL.
CVE-2005-0796 1 Hola 1 Holacms 2016-10-18 5.0 MEDIUM N/A
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.
CVE-2005-0829 1 Php Fusion 1 Php Fusion 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
CVE-2005-0780 1 Php Arena 1 Pafiledb 2016-10-18 5.0 MEDIUM N/A
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9) backupdb.php, which reveals the path in a PHP error message.
CVE-2005-0793 1 Zpanel 1 Zpanel 2016-10-18 7.5 HIGH N/A
PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows remote attackers to (1) execute arbitrary PHP code in ZPanel 2.0 or (2) include local files in ZPanel 2.5 beta 10 and earlier by modifying the page parameter.
CVE-2005-0804 1 Mailenable 1 Mailenable Standard 2016-10-18 5.0 MEDIUM N/A
Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field.
CVE-2005-0724 1 Php Arena 1 Pafiledb 2016-10-18 5.0 MEDIUM N/A
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.
CVE-2005-0784 1 Phorum 1 Phorum 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
CVE-2005-0783 1 Phorum 1 Phorum 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file.
CVE-2005-0754 5 Conectiva, Gentoo, Kde and 2 more 6 Linux, Linux, Kde and 3 more 2016-10-18 7.5 HIGH N/A
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVE-2005-0615 1 Postnuke Software Foundation 1 Postnuke 2016-10-18 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.
CVE-2005-0647 1 Php Arena 1 Panews 2016-10-18 5.0 MEDIUM N/A
admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.
CVE-2005-0628 1 Demof 1 Forumwa 2016-10-18 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
CVE-2005-0617 1 Postnuke Software Foundation 1 Postnuke 2016-10-18 7.5 HIGH N/A
SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.
CVE-2005-0603 1 Phpbb Group 1 Phpbb 2016-10-18 5.0 MEDIUM N/A
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
CVE-2005-0645 1 Cutephp 1 Cutenews 2016-10-18 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.