Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4031 | 1 Mediawiki | 1 Mediawiki | 2011-03-08 | 7.5 HIGH | N/A |
| Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function. | |||||
| CVE-2005-4030 | 1 Quicksilver Forums | 1 Quicksilver Forums | 2011-03-08 | 5.1 MEDIUM | N/A |
| SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. | |||||
| CVE-2005-4024 | 1 Interspire | 1 Fastfind | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-4020 | 1 Widget Press | 1 Widget Imprint | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter. | |||||
| CVE-2005-4018 | 1 Landshop | 1 Real Estate Commerce System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) search_type, (4) search_area, and (5) keyword parameters. | |||||
| CVE-2005-4016 | 1 Widget Press | 1 Widget Property | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id parameters to property.php. | |||||
| CVE-2005-4005 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. | |||||
| CVE-2005-4004 | 1 Infinetsoftware | 1 Mytemplatesite | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4001 | 1 Phpyellow | 2 Phpyellowtm Lite, Phpyellowtm Pro | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. | |||||
| CVE-2005-3993 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2011-03-08 | 7.8 HIGH | N/A |
| Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. | |||||
| CVE-2005-3989 | 1 Avaya | 1 Tn2602ap Ip Media Resource 320 Circuit Pack | 2011-03-08 | 7.8 HIGH | N/A |
| Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. | |||||
| CVE-2005-3988 | 1 Pineapple Technologies | 1 Lore | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3985 | 1 Astaro | 1 Security Linux | 2011-03-08 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3978 | 1 Scriptdevelopers.net | 1 Netclassifieds | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition 1.0.1, Professional Edition 1.5.1, Standard Edition 1.9.6.3, and Free Edition 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter in (a) ViewCat.php and (b) gallery.php, and the (2) ItemNum parameter in (c) ViewItem.php. | |||||
| CVE-2005-3977 | 1 Qualityebiz | 1 Qualityppc | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module. | |||||
| CVE-2005-3972 | 1 Extreme Corporate | 1 Extreme Search | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in extremesearch.php in Extreme Search Corporate Edition 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-3970 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-3969 | 1 Mxchange | 1 Mxchange | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3967 | 1 Atlassian | 1 Confluence | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the dosearchsite.action module in Atlassian Confluence 2.0.1 Build 321 allows remote attackers to inject arbitrary web script or HTML via the searchQuery.queryString search module parameter. | |||||
| CVE-2005-3966 | 1 Java Search Engine | 1 Java Search Engine | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-3944 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. | |||||
| CVE-2005-3943 | 1 Faq System | 1 Faq System | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter in (b) index.php. | |||||
| CVE-2005-3942 | 1 Greywyvern | 1 Orca Knowledgebase | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. | |||||
| CVE-2005-3941 | 1 Greywyvern | 1 Orca Blog | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
| CVE-2005-3940 | 1 Greywyvern | 1 Orca Ringmaker | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-3933 | 1 88script | 1 88script Event Calendar | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 88Script's Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. | |||||
| CVE-2005-3932 | 1 O-kiraku Nikki | 1 O-kiraku Nikki | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the day_id parameter. | |||||
| CVE-2005-3925 | 1 Helpdesk Issue Manager | 1 Helpdesk Issue Manager | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Central Manchester CLC Helpdesk Issue Manager 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) detail[], (2) orderdir, and (3) orderby parameters to find.php, and the (4) id parameter to issue.php. | |||||
| CVE-2005-3924 | 1 Randshop | 1 Randshop | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. | |||||
| CVE-2005-3923 | 1 Netobjects | 1 Netobjects Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive information, including passwords, by downloading the _versioning_repository_/rollbacklog.xml file, then using it to download and modify the associated ZIP file to edit and republish the site. | |||||
| CVE-2005-3951 | 1 Php Labs | 1 Survey Wizard | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. | |||||
| CVE-2005-3917 | 1 Commodityrentals | 1 Commodityrentals | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usersession in CommodityRentals 2.0 Online Rental Business Creator script allows remote attackers to execute arbitrary SQL commands via the user_id parameter. | |||||
| CVE-2005-3916 | 1 Wsn Forum | 1 Wsn Forum | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. | |||||
| CVE-2005-3915 | 1 Clavister | 2 Clavister Firewall, Clavister Security Gateway | 2011-03-08 | 7.5 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3914 | 1 Affcommerce | 1 Affcommerce | 2011-03-08 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php. | |||||
| CVE-2005-3913 | 1 Vchs | 1 Vchs | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the domain alias management in Virtual Hosting Control System (VHCS) 2.4.6.2, related to "creating and deleting forwards for domain aliases," allows users to hijack the forwardings of other users. | |||||
| CVE-2005-3911 | 1 Bosdev | 1 Bosdates | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) category parameters. | |||||
| CVE-2005-3900 | 1 Macromedia | 1 Breeze | 2011-03-08 | 7.8 HIGH | N/A |
| Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3886 | 1 Cisco | 1 Security Agent | 2011-03-08 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and 4.5.1 agents, when running on Windows systems, allows local users to bypass protections and gain system privileges by executing certain local software. | |||||
| CVE-2005-3882 | 1 Faqsystems | 1 Faqring Knowledge Base Software | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3880 | 1 Omnistar Interactive | 1 Omnistar Kbase | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter in users/comments.php, (2) category_id and (3) id parameters in users/kb.php. | |||||
| CVE-2005-3878 | 1 Alex King | 1 Php Doc System | 2011-03-08 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter. | |||||
| CVE-2005-3876 | 1 Td-systems | 2 Adc2000 Ng Pro, Adc2000 Ng Pro Lite | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters. | |||||
| CVE-2005-3875 | 1 Enterprise Heart | 1 Enterprise Connector | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php. | |||||
| CVE-2005-3874 | 1 Weaverslave | 1 Netzbrett | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php. | |||||
| CVE-2005-3873 | 1 Sourceshock | 1 Shockboard | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 allows remote attackers to execute arbitrary SQL commands via the offset parameter. | |||||
| CVE-2005-3872 | 1 Ugroup | 1 Ugroup | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php. | |||||
| CVE-2005-3871 | 1 Jbb | 1 Jbb | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php. | |||||
| CVE-2005-3870 | 1 Edmobbs | 1 Edmobbs | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters. | |||||
| CVE-2005-3868 | 1 Turn-k | 1 K-search | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request. | |||||