Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2846 | 1 Cmsmadesimple | 1 Cms Made Simple | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. | |||||
| CVE-2005-2638 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php. | |||||
| CVE-2005-2640 | 3 Juniper, Neoteris, Netscreen | 16 Netscreen-5gt, Netscreen-idp, Netscreen-idp 10 and 13 more | 2016-10-17 | 5.0 MEDIUM | N/A |
| Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid. | |||||
| CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. | |||||
| CVE-2005-2732 | 1 Awstats | 1 Awstats | 2016-10-17 | 5.0 MEDIUM | N/A |
| AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | |||||
| CVE-2005-2731 | 1 Astaro | 1 Security Linux | 2016-10-17 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl. | |||||
| CVE-2005-2637 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. | |||||
| CVE-2005-2675 | 1 Neocrome | 1 Land Down Under | 2016-10-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." | |||||
| CVE-2005-2674 | 1 Neocrome | 1 Land Down Under | 2016-10-17 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** Note: the vendor has disputed this issue. Multiple cross-site scripting (XSS) vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to inject arbitrary web script or HTML via the (1) c or (2) m parameters to index.php or (3) w parameter to journal.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected." | |||||
| CVE-2005-2623 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-17 | 5.0 MEDIUM | N/A |
| ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost. | |||||
| CVE-2005-2665 | 1 Elm Development Group | 1 Elm | 2016-10-17 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header. | |||||
| CVE-2005-2664 | 1 Whisper32 | 1 Whisper32 | 2016-10-17 | 2.1 LOW | N/A |
| Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory. | |||||
| CVE-2005-2722 | 1 Foojan | 1 Php Weblog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Foojan PHP Weblog allows remote attackers to obtain sensitive information via (1) a direct request to /daylinks/index.php or (2) a negative value in the daylinkspage parameter to index.php, which reveal the path in an error message. | |||||
| CVE-2005-2699 | 1 Phpkit | 1 Phpkit | 2016-10-17 | 4.6 MEDIUM | N/A |
| Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE. | |||||
| CVE-2005-2697 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter. NOTE: this issue might overlap CVE-2005-0282. | |||||
| CVE-2005-2696 | 1 Ibm | 1 Lotus Notes | 2016-10-17 | 5.0 MEDIUM | N/A |
| IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428. | |||||
| CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | |||||
| CVE-2005-2643 | 1 Tor | 1 Tor | 2016-10-17 | 5.0 MEDIUM | N/A |
| Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit. | |||||
| CVE-2005-2683 | 1 Phpkit | 1 Phpkit | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php. | |||||
| CVE-2005-2625 | 1 Cpaint | 1 Cpaint | 2016-10-17 | 7.5 HIGH | N/A |
| Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist. | |||||