Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2010 | 1 Uapplication | 1 Ublog Reload | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter. | |||||
| CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2016-10-17 | 4.6 MEDIUM | N/A |
| The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | |||||
| CVE-2005-2009 | 1 Ublog | 1 Reload | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) ci, (2) d, or (3) m parameter to index.asp, or the (4) bi parameter to blog_comment.asp. | |||||
| CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
| CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | |||||
| CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | |||||
| CVE-2005-2008 | 1 Yaws | 1 Webserver | 2016-10-17 | 5.0 MEDIUM | N/A |
| Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null). | |||||
| CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
| CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
| CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | |||||
| CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2016-10-17 | 5.0 MEDIUM | N/A |
| Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
| CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
| CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2016-10-17 | 5.0 MEDIUM | N/A |
| paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2016-10-17 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | |||||
| CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2016-10-17 | 5.0 MEDIUM | N/A |
| Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
| CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | |||||
| CVE-2005-1891 | 1 Aol | 1 Instant Messenger | 2016-10-17 | 5.0 MEDIUM | N/A |
| The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | |||||
| CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2016-10-17 | 4.6 MEDIUM | N/A |
| Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | |||||
| CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | |||||
| CVE-2005-1870 | 1 Popper | 1 Popper | 2016-10-17 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. | |||||