Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1732 | 1 Metro Marketing | 1 Cookie Cart | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. | |||||
| CVE-2005-1733 | 1 Metro Marketing | 1 Cookie Cart | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt. | |||||
| CVE-2005-1752 | 1 Gforge | 1 Gforge | 2016-10-17 | 6.4 MEDIUM | N/A |
| viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | |||||
| CVE-2005-1755 | 1 Php Poll Creator | 1 Php Poll Creator | 2016-10-17 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter. | |||||
| CVE-2005-1759 | 1 Shtool | 1 Shtool | 2016-10-17 | 1.2 LOW | N/A |
| Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. | |||||
| CVE-2005-1771 | 1 Hp | 1 Hp-ux | 2016-10-17 | 7.5 HIGH | N/A |
| Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t. | |||||
| CVE-2005-1772 | 1 Atari | 1 Terminator 3 War Of The Machines | 2016-10-17 | 5.0 MEDIUM | N/A |
| Buffer overflow in the client cd-key hash in Terminator 3: War of the Machines 1.16 and earlier allows remote attackers to cause a denial of service (application crash) via a long client cd-key hash value, a different vulnerability than CVE-2005-1556. | |||||
| CVE-2005-1773 | 1 Lsoft | 1 Listserv | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. | |||||
| CVE-2005-1774 | 1 Davfs2 | 1 Davfs2 | 2016-10-17 | 2.1 LOW | N/A |
| WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce Unix permissions, which allows local users to write arbitrary files on a davfs2 mounted filesystem. | |||||
| CVE-2005-1776 | 1 Cnedra | 1 Cnedra | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in the READ_TCP_STRING function in game_message_functions.cpp in the network plugin for C'Nedra 0.4.0 and earlier allows remote attackers to execute arbitrary code via a long text string. | |||||
| CVE-2005-1777 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows remote attackers to execute arbitrary SQL commands via the start parameter. | |||||
| CVE-2005-1806 | 1 Peercast | 1 Peercast | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL. | |||||
| CVE-2005-1808 | 1 Firefly Studios | 1 Stronghold 2 | 2016-10-17 | 5.0 MEDIUM | N/A |
| Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large size value for the nickname, which causes a memory allocation failure and generates an exception. | |||||
| CVE-2005-1810 | 1 Wordpress | 1 Wordpress | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php. | |||||
| CVE-2005-1821 | 1 Powerscripts.org | 1 Powerdownload | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pdl_header.inc.php in PowerDownload 3.0.2 and 3.0.3 allows remote attackers to execute arbitrary PHP code via the incdir parameter to downloads.php. | |||||
| CVE-2005-1828 | 1 D-link | 1 Dsl-504t | 2016-10-17 | 7.5 HIGH | N/A |
| D-Link DSL-504T stores usernames and passwords in cleartext in the router configuration file, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1830 | 1 Compuware | 1 Softice Driverstudio | 2016-10-17 | 5.0 MEDIUM | N/A |
| The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 allows remote attackers to cause a denial of service (application crash) via an invalid Debug Message pointer. | |||||
| CVE-2005-1831 | 1 Todd Miller | 1 Sudo | 2016-10-17 | 7.2 HIGH | N/A |
| ** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty." | |||||
| CVE-2005-1832 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 and earlier allow remote attackers to execute arbitrary web script or HTML via the (1) forums, (2) version, or (3) limit parameter to misc.php, (4) page or (5) datecut parameter to forumdisplay.php, (6) username, (7) email, or (8) email2 parameter to member.php, (9) page or (10) usersearch parameter to memberlist.php, (11) pid or (12) tid parameter to showthread.php, or (13) tid parameter to printthread.php. | |||||
| CVE-2005-1833 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 RC4 allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to calendar.php, (2) idsql parameter to online.php, (3) usersearch parameter to memberlist.php, (4) pid parameter to editpost.php, (5) fid parameter to forumdisplay.php, (6) tid parameter to newreply.php, (7) sid parameter to search.php, (8) tid or (9) pid parameter to showthread.php, (10) tid parameter to usercp2.php, (11) tid parameter to printthread.php, or (12) pid parameter to reputation.php. | |||||