Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1946 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | |||||
| CVE-2005-1947 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | |||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | |||||
| CVE-2005-1948 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. | |||||
| CVE-2005-1916 | 1 Ekg | 1 Ekg | 2016-10-17 | 2.1 LOW | N/A |
| linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | |||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | |||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | |||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | |||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | |||||
| CVE-2005-2000 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. | |||||
| CVE-2005-1999 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php). | |||||
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2005-1997 | 1 Mcgallery | 1 Mcgallery | 2016-10-17 | 5.0 MEDIUM | N/A |
| show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. | |||||
| CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | |||||
| CVE-2005-1973 | 1 Sun | 1 J2se | 2016-10-17 | 5.1 MEDIUM | N/A |
| Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges. | |||||
| CVE-2005-1954 | 1 Singapore | 1 Singapore | 2016-10-17 | 5.0 MEDIUM | N/A |
| singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message. | |||||
| CVE-2005-1949 | 1 E107 | 1 E107 | 2016-10-17 | 7.5 HIGH | N/A |
| The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. | |||||
| CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2016-10-17 | 7.5 HIGH | N/A |
| hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
| CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | |||||
