Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0646 | 1 Php Arena | 1 Panews | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | |||||
| CVE-2005-0616 | 1 Postnuke Software Foundation | 1 Postnuke Phoenix | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name, (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. | |||||
| CVE-2005-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2016-10-18 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | |||||
| CVE-2005-0621 | 1 Enlight Software | 1 Scrapland | 2016-10-18 | 5.0 MEDIUM | N/A |
| Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets. | |||||
| CVE-2005-0604 | 1 Gfi | 1 Languard Network Security Scanner | 2016-10-18 | 4.6 MEDIUM | N/A |
| lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. | |||||
| CVE-2005-0632 | 1 Phpnews | 1 Phpnews | 2016-10-18 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 and possibly 1.2.3, allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-0623 | 1 Raidenhttpd | 1 Raidenhttpd | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2005-0614 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | |||||
| CVE-2005-0721 | 1 Gamearena | 1 Experience2 | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0655 | 1 Arif Supriyanto | 1 Auracms | 2016-10-18 | 5.0 MEDIUM | N/A |
| auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
| CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-18 | 5.0 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | |||||
| CVE-2005-0695 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-18 | 5.0 MEDIUM | N/A |
| The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | |||||
| CVE-2005-0691 | 1 Socialmpn | 1 Socialmpn | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0690 | 1 Gene6 | 1 G6 Ftp Server | 2016-10-18 | 2.1 LOW | N/A |
| Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. | |||||
| CVE-2005-0689 | 1 Jimmy | 1 The Includer | 2016-10-18 | 7.5 HIGH | N/A |
| includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter. | |||||
| CVE-2005-0658 | 1 Cmw Linklist | 1 Cmw Linklist | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. | |||||
| CVE-2005-0674 | 1 Php Arena | 1 Pabox | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request. | |||||
| CVE-2005-0678 | 1 Stadtaus | 1 Form Mail Script | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0680 | 1 Stadtaus | 1 Download Center Lite | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0633 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. | |||||
| CVE-2005-0656 | 1 Arif Supriyanto | 1 Auracms | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php. | |||||
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded JavaScript. | |||||
| CVE-2005-0659 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 5.0 MEDIUM | N/A |
| phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0526 | 1 Pblang | 1 Pblang | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | |||||
| CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 7.5 HIGH | N/A |
| consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
| CVE-2005-0549 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function. | |||||
| CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | |||||
| CVE-2005-0532 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. | |||||
| CVE-2005-0537 | 1 Igeneric | 1 Free Shopping Cart | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | |||||
| CVE-2005-0542 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 4.6 MEDIUM | N/A |
| saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true. | |||||
| CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2016-10-18 | 7.5 HIGH | N/A |
| The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | |||||
| CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 7.5 HIGH | N/A |
| misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | |||||
| CVE-2005-0509 | 2 Microsoft, Mono | 2 .net Framework, Mono | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
| CVE-2005-0507 | 1 Gd Software | 1 Sd Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. | |||||
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | |||||
| CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
| CVE-2005-0493 | 1 Seth M. Knorr | 1 Biz Mail Form | 2016-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | |||||
| CVE-2005-0568 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. | |||||
| CVE-2005-0575 | 1 Stormy Studios | 1 Knet | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-0573 | 1 Rob Flynn | 1 Gaim | 2016-10-18 | 5.0 MEDIUM | N/A |
| Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | |||||
| CVE-2005-0602 | 1 Info-zip | 1 Unzip | 2016-10-18 | 6.2 MEDIUM | N/A |
| Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | |||||
| CVE-2005-0513 | 1 Pmachine | 1 Pmachine Pro | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. | |||||
| CVE-2005-0371 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. | |||||
| CVE-2005-0369 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array. | |||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | |||||
| CVE-2005-0370 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket. | |||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to inject arbitrary PHP commands via the comma parameter. | |||||
| CVE-2005-0417 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. | |||||
| CVE-2005-0430 | 1 Id Software | 1 Quake 3 Engine | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | |||||
