Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1684 | 1 Episodex | 1 Episodex Guestbook | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in default.asp for episodex guestbook allows remote attackers to inject arbitrary web script or HTML via the Name field and other fields. | |||||
| CVE-2005-1671 | 1 Yahoo | 1 Messenger | 2016-10-17 | 2.1 LOW | N/A |
| The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be activated by a YMSGR: URL and writes all output to a single ypager.log file, even when there are multiple users, and does not properly warn later users that the feature has been enabled, which allows local users to obtain sensitive information from other users. | |||||
| CVE-2005-1633 | 1 Jgs-xa | 1 Jgs-portal | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, (2) year parameter to jgs_portal_statistik.php, (3) year parameter to jgs_portal_beitraggraf.php, (4) tag parameter to jgs_portal_viewsgraf.php, (5) year parameter to jgs_portal_themengraf.php, (6) year parameter to jgs_portal_mitgraf.php, (7) id parameter to jgs_portal_sponsor.php, or (8) the Accept-Language header to jgs_portal_log.php. | |||||
| CVE-2005-1685 | 1 Episodex | 1 Episodex Guestbook | 2016-10-17 | 7.5 HIGH | N/A |
| episodex guestbook allows remote attackers to bypass authentication and edit scripts via a direct request to admin.asp. | |||||
| CVE-2005-1510 | 1 Pwsphp | 1 Pwsphp | 2016-10-17 | 7.5 HIGH | N/A |
| PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message. | |||||
| CVE-2005-1506 | 1 Cj | 1 Ultra Plus | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter. | |||||
| CVE-2005-1547 | 1 Bakbone | 1 Netvault | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031. | |||||
| CVE-2005-1550 | 1 Colored Scripts | 1 Easy Message Board | 2016-10-17 | 7.5 HIGH | N/A |
| easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter. | |||||
| CVE-2005-1548 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter. | |||||
| CVE-2005-1549 | 1 Colored Scripts | 1 Easy Message Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter. | |||||
| CVE-2005-1563 | 1 Mozilla | 1 Bugzilla | 2016-10-17 | 5.0 MEDIUM | N/A |
| Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. | |||||
| CVE-2005-1471 | 1 Rsa | 1 Securid Web Agent | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. | |||||
| CVE-2005-1366 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 7.5 HIGH | N/A |
| Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL. | |||||
| CVE-2005-1365 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 10.0 HIGH | N/A |
| Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences. | |||||
| CVE-2005-1363 | 1 Metalinks | 1 Metacart2 | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp. | |||||
| CVE-2005-1394 | 1 Esri | 2 Arcgis, Arcinfo Workstation | 2016-10-17 | 7.2 HIGH | N/A |
| Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr. | |||||
| CVE-2005-1393 | 1 Esri | 1 Arcinfo Workstation | 2016-10-17 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery. | |||||
| CVE-2005-1352 | 1 Leif M. Wright | 1 Ad.cgi | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | |||||
| CVE-2005-1355 | 1 Includer.cgi | 1 Includer.cgi | 2016-10-17 | 5.0 MEDIUM | N/A |
| includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801. | |||||
| CVE-2005-1356 | 1 Includer.cgi | 1 Includer.cgi | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument. | |||||
