Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1881 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code. | |||||
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | |||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | |||||
| CVE-2005-1884 | 1 Yapig | 1 Yapig | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-1888 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. | |||||
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | |||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. | |||||
| CVE-2005-1898 | 1 Phpthumb | 1 Phpthumb | 2008-09-05 | 5.0 MEDIUM | N/A |
| The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. | |||||
| CVE-2005-1904 | 1 Jiro | 1 Jiro Upload System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) 1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1908 | 1 Perception | 1 Liteweb | 2008-09-05 | 7.5 HIGH | N/A |
| Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL. | |||||
| CVE-2005-1910 | 1 Wwweb Concepts | 1 Events System | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1911 | 1 Leafnode | 1 Leafnode | 2008-09-05 | 5.0 MEDIUM | N/A |
| The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang while waiting for input that never arrives, which allows remote NNTP servers to cause a denial of service (news loss). | |||||
| CVE-2005-1914 | 1 Centericq | 1 Centericq | 2008-09-05 | 2.1 LOW | N/A |
| CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. | |||||
| CVE-2005-1917 | 1 Kpopper | 1 Kpopper | 2008-09-05 | 2.1 LOW | N/A |
| kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. | |||||
| CVE-2005-1922 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 5.0 MEDIUM | N/A |
| The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. | |||||
| CVE-2005-1923 | 1 Clam Anti-virus | 1 Clamav | 2008-09-05 | 2.6 LOW | N/A |
| The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. | |||||
| CVE-2005-1941 | 1 Silvercity | 1 Silvercity | 2008-09-05 | 3.7 LOW | N/A |
| SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) cgi-styler.py, and (3) source2html.py with read and write world permissions, which allows local users to execute arbitrary code. | |||||
| CVE-2005-1959 | 1 Jammail | 1 Jammail | 2008-09-05 | 7.5 HIGH | N/A |
| jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute arbitrary commands via shell metacharacters in the mail parameter. | |||||