Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1871 | 1 Drupal | 1 Drupal | 2016-10-17 | 7.5 HIGH | N/A |
| Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." | |||||
| CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2016-10-17 | 2.1 LOW | N/A |
| xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. | |||||
| CVE-2005-1945 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. | |||||
| CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1952 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count. | |||||
| CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2005-1966 | 1 E107 | 1 E107 | 2016-10-17 | 7.5 HIGH | N/A |
| The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. | |||||
| CVE-2005-1899 | 1 Rakkarsoft | 1 Raknet | 2016-10-17 | 5.0 MEDIUM | N/A |
| Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet. | |||||
| CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
| CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2016-10-17 | 5.0 MEDIUM | N/A |
| File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. | |||||
| CVE-2005-1905 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2016-10-17 | 7.2 HIGH | N/A |
| The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs. | |||||
| CVE-2005-1850 | 1 Ekg | 1 Ekg | 2016-10-17 | 10.0 HIGH | N/A |
| Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | |||||
| CVE-2005-1851 | 1 Ekg | 1 Ekg | 2016-10-17 | 10.0 HIGH | N/A |
| A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | |||||
| CVE-2005-1955 | 1 Singapore | 1 Singapore | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
| CVE-2005-1827 | 1 D-link | 1 Dsl-504t | 2016-10-17 | 7.5 HIGH | N/A |
| D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg. | |||||
| CVE-2005-1702 | 1 Black Cactus | 2 Warrior Kings, Warrior Kings Battles | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname. | |||||
| CVE-2005-1703 | 1 Black Cactus | 1 Warrior Kings Battles | 2016-10-17 | 5.0 MEDIUM | N/A |
| Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference. | |||||
| CVE-2005-1708 | 1 Bluecoat | 1 Reporter | 2016-10-17 | 4.6 MEDIUM | N/A |
| templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true. | |||||
| CVE-2005-1710 | 1 Bluecoat | 1 Reporter | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page. | |||||
| CVE-2005-1725 | 1 Apple | 1 Mac Os X Server | 2016-10-17 | 2.1 LOW | N/A |
| launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. | |||||