Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2298 | 1 Softwin | 1 Bitdefender Engine | 2016-10-17 | 5.0 MEDIUM | N/A |
| BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. | |||||
| CVE-2005-2297 | 1 Sybase | 1 Easerver | 2016-10-17 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | |||||
| CVE-2005-2296 | 1 Yabb | 1 Yabb | 2016-10-17 | 5.0 MEDIUM | N/A |
| YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | |||||
| CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2016-10-17 | 4.6 MEDIUM | N/A |
| Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
| CVE-2005-2290 | 1 Wps | 1 Web Portal System | 2016-10-17 | 10.0 HIGH | N/A |
| wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. | |||||
| CVE-2005-2288 | 1 Phpcounter | 1 Phpcounter | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. | |||||
| CVE-2005-2158 | 1 Jboss | 1 Jbpm | 2016-10-17 | 7.5 HIGH | N/A |
| A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. | |||||
| CVE-2005-2159 | 1 Planetdns | 1 Planetfileserver | 2016-10-17 | 5.0 MEDIUM | N/A |
| mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request. | |||||
| CVE-2005-2193 | 1 Punbb | 1 Punbb | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it is used and prevents the attacker-supplied portions of the array from being properly escaped. | |||||
| CVE-2005-2160 | 1 Ipswitch | 1 Imail | 2016-10-17 | 5.0 MEDIUM | N/A |
| IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | |||||
| CVE-2005-2162 | 1 Levcgi.com | 1 Myguestbook | 2016-10-17 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. | |||||
| CVE-2005-2163 | 1 Autoindex | 1 Php Script | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-2195 | 1 Apple | 1 Darwin Streaming Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Apple Darwin Streaming Server 5.5 and earlier allows remote attackers to cause a denial of service (application crash) via a URL with a filename containing a .cgi extension and an MS-DOS device name such as AUX, CON, PRN, COM1, or LPT1, a different vulnerability than CVE-2003-0421 and CVE-2003-0502. | |||||
| CVE-2005-2132 | 1 Sco | 1 Unixware | 2016-10-17 | 2.1 LOW | N/A |
| RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests. | |||||
| CVE-2005-2164 | 1 Covide Groupware-crm | 1 Covide | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-2178 | 1 Probe.cgi | 1 Probe.cgi | 2016-10-17 | 7.5 HIGH | N/A |
| probe.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the olddat parameter. NOTE: it is unclear which product or vendor this program is associated with, if any. | |||||
| CVE-2005-2179 | 1 Jaws | 1 Jaws | 2016-10-17 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-2180 | 1 Gnu | 1 Gnats | 2016-10-17 | 2.1 LOW | N/A |
| gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. | |||||
| CVE-2005-2183 | 1 Phpxmail | 1 Phpxmail | 2016-10-17 | 7.5 HIGH | N/A |
| class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle large passwords, which prevents an error message from being returned and allows remote attackers to bypass authentication and gain unauthorized access. | |||||