Total: 27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0692 | 1 Php Fusion | 1 Php Fusion | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. | |||||
| CVE-2005-0646 | 1 Php Arena | 1 Panews | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter. | |||||
| CVE-2005-0602 | 1 Info-zip | 1 Unzip | 2016-10-17 | 6.2 MEDIUM | N/A |
| Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. | |||||
| CVE-2005-0575 | 1 Stormy Studios | 1 Knet | 2016-10-17 | 7.5 HIGH | N/A |
| Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-0573 | 1 Rob Flynn | 1 Gaim | 2016-10-17 | 5.0 MEDIUM | N/A |
| Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | |||||
| CVE-2005-0568 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-17 | 5.0 MEDIUM | N/A |
| Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. | |||||
| CVE-2005-0549 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function. | |||||
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | |||||
| CVE-2005-0542 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 4.6 MEDIUM | N/A |
| saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true. | |||||
| CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 7.5 HIGH | N/A |
| consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
| CVE-2005-0537 | 1 Igeneric | 1 Free Shopping Cart | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | |||||
| CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
| misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | |||||
| CVE-2005-0493 | 1 Seth M. Knorr | 1 Biz Mail Form | 2016-10-17 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | |||||
| CVE-2005-0526 | 1 Pblang | 1 Pblang | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | |||||
| CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2016-10-17 | 5.0 MEDIUM | N/A |
| The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
| CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | |||||
| CVE-2005-0507 | 1 Gd Software | 1 Sd Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. | |||||
| CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2016-10-17 | 7.5 HIGH | N/A |
| The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | |||||
| CVE-2005-0532 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 2.1 LOW | N/A |
| The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. | |||||
| CVE-2005-0509 | 2 Microsoft, Mono | 2 .net Framework, Mono | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
