Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3865 | 1 Scripts-templates | 1 Allweb Search | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter. | |||||
| CVE-2005-3864 | 1 Berlios | 1 Sourcewell | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2. | |||||
| CVE-2005-3950 | 1 Nufw | 1 Nufw | 2011-03-08 | 6.8 MEDIUM | N/A |
| nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. | |||||
| CVE-2005-3855 | 1 Easybe | 1 1-2-3 Music Store | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter. | |||||
| CVE-2005-3853 | 1 Solucija | 1 Snews | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php. | |||||
| CVE-2005-3851 | 1 Onlinetechtools.com | 1 Oasys Lite | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter. | |||||
| CVE-2005-3850 | 1 Onlinetechtools.com | 1 Okbsys Lite | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter. | |||||
| CVE-2005-3844 | 1 Phpwordpress | 1 Php News And Article Manager | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action. | |||||
| CVE-2005-3842 | 1 Pdjkeelan.com | 1 Pdjk-support Suite | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters. | |||||
| CVE-2005-3841 | 1 Kplaylist | 1 Kplaylist | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter. | |||||
| CVE-2005-3839 | 1 Supportpro | 1 Supportdesk | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options. | |||||
| CVE-2005-3838 | 1 Isolsoft | 1 Support Center | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter. | |||||
| CVE-2005-3837 | 1 Scssboard | 1 Scssboard | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. | |||||
| CVE-2005-3836 | 1 Desklance | 1 Desklance | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter. | |||||
| CVE-2005-3834 | 1 Tunez | 1 Tunez | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter. | |||||
| CVE-2005-3833 | 1 Tunez | 1 Tunez | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter. | |||||
| CVE-2005-3830 | 1 Activecampaign | 1 Supporttrio | 2011-03-08 | 5.0 MEDIUM | N/A |
| index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability. | |||||
| CVE-2005-3829 | 1 Activecampaign | 1 Knowledgebuilder | 2011-03-08 | 7.8 HIGH | N/A |
| index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of SQL queries to be processed. | |||||
| CVE-2005-3828 | 1 Activecampaign | 1 Knowledgebuilder | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter. | |||||
| CVE-2005-3827 | 1 Agileco | 1 Agilebill | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-3826 | 1 Ezy Helpdesk | 1 Ezyhelpdesk | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4) the search engine, possibly involving the search_string parameter. | |||||
| CVE-2005-3825 | 1 Comdev | 1 Comdev Vote Caster | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action. | |||||
| CVE-2005-3816 | 1 Zoneo-soft | 1 Freeforum | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter in thread mode. | |||||
| CVE-2005-3815 | 1 Greywyvern | 1 Orca Forum | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. | |||||
| CVE-2005-3814 | 1 Orbitscripts | 1 Smartppc Pro | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and (3) search.php. | |||||
| CVE-2005-3786 | 1 Novell | 3 Zenworks, Zenworks Desktops, Zenworks Servers | 2011-03-08 | 4.6 MEDIUM | N/A |
| Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policies by using Console One. | |||||
| CVE-2005-3785 | 1 Gentoo | 1 Linux Eix | 2011-03-08 | 5.0 MEDIUM | N/A |
| Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. | |||||
| CVE-2005-3780 | 1 Ipupdate | 1 Ipupdate | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records. | |||||
| CVE-2005-3773 | 1 Joomla | 1 Joomla | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions." | |||||
| CVE-2005-3771 | 1 Joomla | 1 Joomla | 2011-03-08 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF". | |||||
| CVE-2005-3768 | 1 Symantec | 10 Enterprise Firewall, Firewall Vpn Appliance 100, Firewall Vpn Appliance 200 and 7 more | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | |||||
| CVE-2005-3742 | 1 Advanced Poll | 1 Advanced Poll | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. | |||||
| CVE-2005-3740 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. | |||||
| CVE-2005-3739 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. | |||||
| CVE-2005-3737 | 1 Inkscape | 1 Inkscape | 2011-03-08 | 5.1 MEDIUM | N/A |
| Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values. | |||||
| CVE-2005-3726 | 1 Interspire | 1 Articlelive Nx | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows remote attackers to execute arbitrary SQL commands via the Query parameter. | |||||
| CVE-2005-3702 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. | |||||
| CVE-2005-3696 | 1 Arki-db | 1 Arki-db | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a view action (view.php) to index.php. | |||||
| CVE-2005-3733 | 1 Juniper | 8 Junos E, Junos J, Junos M and 5 more | 2011-03-08 | 7.5 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3718 | 1 Utstarcom | 1 F1000 Voip Wifi Phone | 2011-03-08 | 7.5 HIGH | N/A |
| UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 does not allow users to disable access to (1) SNMP or (2) the rlogin port TCP 513, which allows remote attackers to exploit other vulnerabilities such as CVE-2005-3716, or execute arbitrary shell commands via rlogin, which does not require authentication. | |||||
| CVE-2005-3735 | 1 Coastal Data Management | 1 E-quick Cart | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shopprojectlogin.asp, and (3) id parameter in shoptellafriend.asp. | |||||
| CVE-2005-3716 | 1 Utstarcom | 1 F1000 Wi-fi Handset | 2011-03-08 | 5.0 MEDIUM | N/A |
| The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has hard-coded public credentials that cannot be changed, which allows attackers to obtain sensitive information. | |||||
| CVE-2005-3717 | 1 Utstarcom | 1 F1000 Voip Wifi Phone | 2011-03-08 | 7.5 HIGH | N/A |
| The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username "target" and password "password", which allows remote attackers to gain full access to the system. | |||||
| CVE-2005-3715 | 1 Senao | 1 Si-680h Wireless Voip Phone | 2011-03-08 | 7.5 HIGH | N/A |
| Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the VxWorks debugger UDP port 17185 available without authentication, which allows attackers to access the phone OS, obtain sensitive information, and cause a denial of service. | |||||
| CVE-2005-3509 | 1 Jportal | 1 Jportal Web Portal | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php. | |||||
| CVE-2005-3652 | 1 Citrix | 1 Ica Program Neighborhood Client | 2011-03-08 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 and earlier allows remote attackers to execute arbitrary code via a long name value in an Application Set response. | |||||
| CVE-2005-3572 | 1 Peel | 1 Peel | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Peel 2.6 through 2.7 allows remote attackers to execute arbitrary SQL commands via the rubid parameter. | |||||
| CVE-2005-3654 | 1 Bluecoat | 1 Webproxy | 2011-03-08 | 7.5 HIGH | N/A |
| Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap. | |||||
| CVE-2005-3504 | 1 Ibm | 1 Aix | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code. | |||||
| CVE-2005-3639 | 1 Ubertec | 1 Help Center Live | 2011-03-08 | 7.5 HIGH | N/A |
| PHP file inclusion vulnerability in the osTicket module in Help Center Live before 2.0.3 allows remote attackers to access or include arbitrary files via the file parameter, possibly due to a directory traversal vulnerability. | |||||