Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | |||||
| CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2008-09-05 | 5.0 MEDIUM | N/A |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | |||||
| CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | |||||
| CVE-2005-4397 | 1 Icms Content Management Systems | 1 Icms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. | |||||
| CVE-2005-4257 | 1 Linksys | 4 Befw11s4, Befw11s4 V3, Befw11s4 V4 and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID. | |||||
| CVE-2005-4172 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. | |||||
| CVE-2005-4076 | 1 Appfluent Technology | 1 Database Ids | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable. | |||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | |||||
| CVE-2005-4173 | 1 Efiction Project | 1 Efiction | 2008-09-05 | 5.0 MEDIUM | N/A |
| eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. | |||||
| CVE-2005-3901 | 1 Macromedia | 1 Flash Communication Server | 2008-09-05 | 7.8 HIGH | N/A |
| Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build of Flash Player 8.5 (build 133). | |||||
| CVE-2005-3687 | 1 Whm Autopilot | 1 Whm Autopilot | 2008-09-05 | 5.0 MEDIUM | N/A |
| cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter. | |||||
| CVE-2005-3697 | 1 Uresk Links | 1 Uresk Links | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php. | |||||
| CVE-2005-3698 | 1 Php Easy Download | 1 Php Easy Download | 2008-09-05 | 7.5 HIGH | N/A |
| PHP Easy Download allows remote attackers to bypass authentication via edit.php. | |||||
| CVE-2005-3727 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in debug/query_results.jsp in Idetix Software Systems Revize CMS allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||||
| CVE-2005-3728 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS stores conf/revize.xml under the web document root with insufficient access control, which allows remote attackers to obtain sensitive configuration information. | |||||
| CVE-2005-3729 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Idetix Software Systems Revize CMS allows remote attackers to obtain sensitive information via direct requests to files in the revize/debug directory, such as (1) apptables.html and (2) main.html. | |||||
| CVE-2005-3730 | 1 Revize Cms | 1 Revize Cms | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in HTTPTranslatorServlet in Idetix Software Systems Revize CMS allow remote attackers to inject arbitrary web script or HTML via the (1) resourcetype, (2) objectmap, and (3) redirect parameters, possibly involving setWebSpace.jsp. | |||||
| CVE-2005-3731 | 1 Yassl | 1 Yassl | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and attack vectors, related to "certificate chain processing." | |||||
| CVE-2005-3736 | 1 Coastal Data Management | 1 E-quick Cart | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname parameter in shopmaillist.asp, (3) strpid parameter in shopprojectlogin.asp, and (4) Custname parameter in shoptellafriend.asp. | |||||
| CVE-2005-3741 | 1 Almondsoft | 1 Almond Classifieds | 2008-09-05 | 7.5 HIGH | N/A |
| Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions. | |||||