Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2624 | 1 Cpaint | 1 Cpaint | 2016-10-17 | 5.0 MEDIUM | N/A |
| Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. | |||||
| CVE-2005-2718 | 1 Mplayer | 1 Mplayer | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows remote attackers to execute arbitrary code via crafted PCM audio data, as demonstrated using a video file with an audio header containing a large value in a stream format (strf) chunk. | |||||
| CVE-2005-2543 | 1 Comdev | 1 Comdev Ecommerce | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter. | |||||
| CVE-2005-2538 | 1 Flatnuke | 1 Flatnuke | 2016-10-17 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via (1) a null byte or (2) an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1 in the mod parameter. | |||||
| CVE-2005-2537 | 1 Flatnuke | 1 Flatnuke | 2016-10-17 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to obtain sensitive information via a direct request to structure.php. | |||||
| CVE-2005-2581 | 1 Grandstream | 2 Budgetone 101, Budgetone 102 | 2016-10-17 | 5.0 MEDIUM | N/A |
| Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and possibly earlier versions, allows remote attackers to cause a denial of service (device hang or reboot) via a large UDP packet to port 5060. | |||||
| CVE-2005-2582 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2016-10-17 | 3.6 LOW | N/A |
| Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses world-writable permissions for the (1) log and (2) license directory, which allows local users to delete log files, append to arbitrary files via a symlink attack on kavmonitor.log, or delete license keys and prevent keepup2date from properly executing. | |||||
| CVE-2005-2560 | 1 Ader Software | 1 Cfbb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-2561 | 1 Myfaq | 1 Myfaq | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3, the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3, the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3, or (20) question parameter to affichagefaq.php3. | |||||
| CVE-2005-2563 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X (GBX) 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the board_id parameter to deletethread.php or (2) the template. | |||||
| CVE-2005-2567 | 1 Syscp Team | 1 Syscp | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier allows remote attackers to execute arbitrary PHP code via the language parameter. | |||||
| CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2016-10-17 | 2.1 LOW | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | |||||
| CVE-2005-2585 | 1 Mentor | 1 Adslfr4ii | 2016-10-17 | 5.0 MEDIUM | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote attackers to cause a denial of service (active TCP connections state table consumption) via a large number of connections, such as a port scan. | |||||
| CVE-2005-2583 | 1 Mentor | 1 Adslfr4ii | 2016-10-17 | 7.5 HIGH | N/A |
| Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. | |||||
| CVE-2005-2584 | 1 Mentor | 1 Adslfr4ii | 2016-10-17 | 7.2 HIGH | N/A |
| The web administration interface in Mentor ADSL-FR4II router running firmware 2.00.0111 does not set a default password, which allows local users to gain access. | |||||
| CVE-2005-2542 | 1 Invision Power Services | 1 Invision Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. | |||||
| CVE-2005-2580 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 with Security Patch allow remote attackers to execute arbitrary SQL commands via the Username field in (1) index.php or (2) member.php, action parameter to (3) search.php or (4) member.php, or (5) polloptions parameter to polls.php. | |||||
| CVE-2005-2546 | 1 Arab Portal | 1 Arab Portal | 2016-10-17 | 5.0 MEDIUM | N/A |
| Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called. | |||||
| CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||||
| CVE-2005-2552 | 1 Hp | 1 Proliant Dl585 | 2016-10-17 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." | |||||
