Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0655 | 1 Arif Supriyanto | 1 Auracms | 2016-10-17 | 5.0 MEDIUM | N/A |
| auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0633 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file. | |||||
| CVE-2005-0691 | 1 Socialmpn | 1 Socialmpn | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in article mode for modules.php in SocialMPN allows remote attackers to execute arbitrary PHP code by modifying the name parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0690 | 1 Gene6 | 1 G6 Ftp Server | 2016-10-17 | 2.1 LOW | N/A |
| Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command. | |||||
| CVE-2005-0614 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 7.5 HIGH | N/A |
| sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie. | |||||
| CVE-2005-0721 | 1 Gamearena | 1 Experience2 | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0689 | 1 Jimmy | 1 The Includer | 2016-10-17 | 7.5 HIGH | N/A |
| includer.cgi in The Includer allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the URL or (2) the template parameter. | |||||
| CVE-2005-0680 | 1 Stadtaus | 1 Download Center Lite | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in download_center_lite.inc.php for Download Center Lite 1.6 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0615 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter. | |||||
| CVE-2005-0616 | 1 Postnuke Software Foundation | 1 Postnuke Phoenix | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables. | |||||
| CVE-2005-0678 | 1 Stadtaus | 1 Form Mail Script | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0701 | 1 Oracle | 1 Database Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
| CVE-2005-0695 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-17 | 5.0 MEDIUM | N/A |
| The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | |||||
| CVE-2005-0617 | 1 Postnuke Software Foundation | 1 Postnuke | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter. | |||||
| CVE-2005-0674 | 1 Php Arena | 1 Pabox | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request. | |||||
| CVE-2005-0621 | 1 Enlight Software | 1 Scrapland | 2016-10-17 | 5.0 MEDIUM | N/A |
| Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets. | |||||
| CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-17 | 5.0 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | |||||
| CVE-2005-0622 | 1 Raidenhttpd | 1 Raidenhttpd | 2016-10-17 | 5.0 MEDIUM | N/A |
| RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | |||||
| CVE-2005-0604 | 1 Gfi | 1 Languard Network Security Scanner | 2016-10-17 | 4.6 MEDIUM | N/A |
| lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials. | |||||
| CVE-2005-0647 | 1 Php Arena | 1 Panews | 2016-10-17 | 5.0 MEDIUM | N/A |
| admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php. | |||||