Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4477 | 1 Papaya | 1 Papaya Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. | |||||
| CVE-2005-4480 | 1 Plexcor | 1 Plexcor Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4481 | 1 Polopoly | 1 Polopoly | 2008-09-20 | 6.8 MEDIUM | N/A |
| ** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package. | |||||
| CVE-2005-4486 | 1 Quantum Art | 1 Qp7 Enterprise | 2008-09-20 | 7.5 HIGH | N/A |
| ** DISPUTED ** SQL injection vulnerability in Quantum Art QP7.Enterprise (formerly Q-Publishing) allows remote attackers to execute arbitrary SQL commands via the p_news_id parameter to (1) news_and_events_new.asp and (2) news.asp. NOTE: on 20060227, the vendor disputed the accuracy of this report, saying that the p_news_id, news_and_events_new.asp, and news.asp are not specifically part of their product, although they could be dynamically generated through use of the product. Some investigation by CVE suggests evidence that the news_and_events_new.asp page has at least a forced invalid SQL syntax error, but this could not be repeated for news.asp. | |||||
| CVE-2005-4498 | 1 Text-e | 1 Text-e Cms | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4512 | 1 Waxtrapp | 1 Waxtrapp | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. | |||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-4619 | 1 Phpoutsourcing | 1 Zorum | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method. | |||||
| CVE-2005-4621 | 1 Jelsoft | 1 Vbulletin | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg. | |||||
| CVE-2005-4628 | 1 Help Desk Point Software | 1 Helpdeskpoint | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | |||||
| CVE-2005-4629 | 1 Smbcms | 1 Smbcms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters. | |||||
| CVE-2005-4631 | 1 Ryan Lath | 1 Zina | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2005-4632 | 1 Vote Pro | 1 Vote Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter. | |||||
| CVE-2005-4634 | 1 Activecampaign | 1 Supporttrio | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the provenance of this information is unknown because the source URL is not available; the details are obtained solely from third party information. | |||||
| CVE-2005-4640 | 1 Class-1 | 1 Poll Software | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters. | |||||
| CVE-2005-4641 | 1 Eazycms | 1 Eazycms | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. | |||||
| CVE-2005-4651 | 1 Alstrasoft | 1 Epay | 2008-09-20 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter. | |||||
| CVE-2005-4719 | 1 Sysbotz | 1 Systems Panel | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php. | |||||
| CVE-2005-4743 | 1 Nelogic Technologies | 1 Nephp Publisher | 2008-09-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters. | |||||
| CVE-2005-4781 | 1 Sergids | 1 Top Music Module | 2008-09-20 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php. | |||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | |||||
| CVE-2005-4233 | 1 Php Web Scripts | 1 Ad Manager Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | |||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | |||||
| CVE-2005-4289 | 1 Edatcat | 1 Edatcat Shopping Cart System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter. | |||||
| CVE-2005-4303 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | |||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 5.0 MEDIUM | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | |||||
| CVE-2005-4308 | 1 Scriptscenter | 1 Ezupload Pro | 2008-09-20 | 7.5 HIGH | N/A |
| index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. | |||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | |||||
| CVE-2005-4335 | 1 Courseforum | 1 Projectforum | 2008-09-20 | 7.8 HIGH | N/A |
| ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. | |||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | |||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | |||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | |||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||||
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | |||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2008-09-20 | 5.0 MEDIUM | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
| CVE-2005-4027 | 1 Simplemedia | 1 Simplebbs | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. | |||||
| CVE-2008-4099 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use random source ports or transaction IDs for DNS requests, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. | |||||
| CVE-2008-4126 | 1 Debian | 2 Linux, Python-dns | 2008-09-19 | 6.4 MEDIUM | N/A |
| PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use random source ports for DNS requests and does not use random transaction IDs for DNS retries, which makes it easier for remote attackers to spoof DNS responses, a different vulnerability than CVE-2008-1447. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4099. | |||||
| CVE-2008-3791 | 1 Lxde | 1 Lightweight X11 Desktop Environment | 2008-09-17 | 4.6 MEDIUM | N/A |
| src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rot.jpg temporary file. | |||||
| CVE-2008-3876 | 1 Apple | 1 Iphone | 2008-09-17 | 1.9 LOW | N/A |
| Apple iPhone 2.0.2, in some configurations, allows physically proximate attackers to bypass intended access restrictions, and obtain sensitive information or make arbitrary use of the device, via an Emergency Call tap and a Home double-tap, followed by a tap of any contact's blue arrow. | |||||
| CVE-2008-4042 | 2008-09-17 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3889. Reason: This candidate is a duplicate of CVE-2008-3889. Notes: All CVE users should reference CVE-2008-3889 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-4079 | 1 Six Apart | 1 Movable Type | 2008-09-15 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x through 4.20, and 3.36 and earlier; Movable Type Enterprise 4.x through 4.20, and 1.54 and earlier; and Movable Type Community Solution allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2008-4055 | 1 Texmedia | 1 Million Pixel Script | 2008-09-12 | 7.5 HIGH | N/A |
| SQL injection vulnerability in tops_top.php in Million Pixel Ad Script (Million Pixel Script) allows remote attackers to execute arbitrary SQL commands via the id_cat parameter. | |||||
| CVE-2008-2464 | 3 Freebsd, Kame, Netbsd | 3 Freebsd, Kame, Netbsd | 2008-09-11 | 7.1 HIGH | N/A |
| The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD 4.0, FreeBSD, and KAME, when INET6 is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ICMPv6 Multicast Listener Discovery (MLD) query with a certain Maximum Response Delay value. | |||||
| CVE-2008-3634 | 1 Apple | 3 Itunes, Mac Os X, Mac Os X Server | 2008-09-11 | 2.6 LOW | N/A |
| Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing is enabled but blocked by the host-based firewall, presents misleading information about firewall security, which might allow remote attackers to leverage an exposure that would be absent if the administrator were given better information. | |||||
| CVE-2008-6339 | 2008-09-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6339. Reason: This candidate is a duplicate of CVE-2007-6339. Notes: All CVE users should reference CVE-2007-6339 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-6426 | 2008-09-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6426. Reason: This candidate is a duplicate of CVE-2007-6426. Notes: All CVE users should reference CVE-2007-6426 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-3427 | 2008-09-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-3420. Reason: This candidate is a duplicate of CVE-2008-3420. Notes: All CVE users should reference CVE-2008-3420 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2008-2727 | 2008-09-11 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-2725. Reason: This candidate is a duplicate of CVE-2008-2725. Notes: All CVE users should reference CVE-2008-2725 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||