Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1141 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-17 | 7.5 HIGH | N/A |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | |||||
| CVE-2005-1168 | 1 Musicmatch | 1 Jukebox | 2016-10-17 | 5.0 MEDIUM | N/A |
| DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument. | |||||
| CVE-2005-1102 | 1 Wordpress | 1 Wordpress | 2016-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. | |||||
| CVE-2005-1077 | 1 Xampp | 1 Apache Distribution | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. | |||||
| CVE-2005-1196 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter. | |||||
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2016-10-17 | 4.6 MEDIUM | N/A |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | |||||
| CVE-2005-1104 | 1 Centra | 1 Centra | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | |||||
| CVE-2005-1105 | 1 Sun | 1 Javamail | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. | |||||
| CVE-2005-1106 | 1 Apple | 1 Quicktime Pictureviewer | 2016-10-17 | 5.0 MEDIUM | N/A |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. | |||||
| CVE-2005-1078 | 1 Xampp | 1 Apache Distribution | 2016-10-17 | 7.5 HIGH | N/A |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. | |||||
| CVE-2005-1079 | 1 Mike De Boer | 1 Zoom Media Gallery | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values. | |||||
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-1136 | 1 Sphpblog | 1 Sphpblog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | |||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2016-10-17 | 4.6 MEDIUM | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | |||||
