Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2203 | 1 Phpwishlist | 1 Phpwishlist | 2008-09-05 | 7.5 HIGH | N/A |
| login.php in phpWishlist before 0.1.15 allows remote attackers to bypass authentication via a direct request to admin.php. | |||||
| CVE-2005-2205 | 1 Pngren | 1 Pngren | 2008-09-05 | 7.5 HIGH | N/A |
| The ReadLog function in kaiseki.cgi in pngren allows remote attackers to execute arbitrary commands via shell metacharacters in the query string. | |||||
| CVE-2005-2206 | 1 Elemental Software | 1 Cartwiz | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp. | |||||
| CVE-2005-2207 | 1 Elemental Software | 1 Cartwiz | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter. | |||||
| CVE-2005-2208 | 1 Privashare | 1 Privashare | 2008-09-05 | 5.0 MEDIUM | N/A |
| PrivaShare 1.1b allows remote attackers to cause a denial of service (crash) via a malformed message. | |||||
| CVE-2005-2209 | 1 Capturix | 1 Scanshare | 2008-09-05 | 1.9 LOW | N/A |
| Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users. | |||||
| CVE-2005-2210 | 1 Tonec Inc. | 1 Internet Download Manager | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL. | |||||
| CVE-2005-2211 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 4.6 MEDIUM | N/A |
| Backup Manager 0.5.8a creates temporary files insecurely, which allows local users to conduct unauthorized file operations when a user is burning a CDR. | |||||
| CVE-2005-2212 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 6.4 MEDIUM | N/A |
| Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository. | |||||
| CVE-2005-2214 | 1 Debian | 1 Apt-setup | 2008-09-05 | 4.6 MEDIUM | N/A |
| apt-setup in Debian GNU/Linux installs the apt.conf file with insecure permissions, which allows local users to obtain sensitive information such as passwords. | |||||
| CVE-2005-2215 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888. | |||||
| CVE-2005-2216 | 1 Photogal | 1 Photogal Photo Gallery | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo Gallery 1.5 and earlier allows remote attackers to execute arbitrary code via the news_file parameter. | |||||
| CVE-2005-2217 | 1 Craig Dansie | 1 Dansie Shopping Cart | 2008-09-05 | 5.0 MEDIUM | N/A |
| Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables. | |||||
| CVE-2005-2219 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 4.6 MEDIUM | N/A |
| Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to perform unauthorized actions, such as modifying the credit limit, via a direct request to AccountActions.asp and modifying the CreditLimit parameter in an UpdateCreditLimit action. | |||||
| CVE-2005-2223 | 1 Mailenable | 2 Mailenable Professional, Mailenable Standard | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the SMTP service in MailEnable Standard before 1.9 and Professional before 1.6 allows remote attackers to cause a denial of service (crash) during authentication. | |||||
| CVE-2005-2226 | 1 Microsoft | 1 Outlook Express | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 leaks the default news server account when a user responds to a "watched" conversation thread, which could allow remote attackers to obtain sensitive information. | |||||
| CVE-2005-2228 | 1 Bdc Enterprises | 1 Web Wiz Forums | 2008-09-05 | 5.0 MEDIUM | N/A |
| Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message titles of a hidden forum. | |||||
| CVE-2005-2230 | 1 Elmo | 1 Elmo | 2008-09-05 | 2.1 LOW | N/A |
| Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. | |||||
| CVE-2005-2231 | 1 High Availability Linux Project | 1 Heartbeat | 2008-09-05 | 2.1 LOW | N/A |
| High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-2232 | 1 Ibm | 1 Aix | 2008-09-05 | 4.6 MEDIUM | N/A |
| Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. | |||||