Total: 27865 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1736 | 1 Electricmonk | 1 Proms | 2008-09-05 | 7.5 HIGH | N/A |
PROMS 0.11 does not properly handle "certain combinations of rights," which gives more rights to users than intended. | |||||
CVE-2005-1738 | 1 Iron Bars Shell | 1 Iron Bars Shell | 2008-09-05 | 10.0 HIGH | N/A |
Format string vulnerability in the logPrintBadfile function in delbadfiles.c in Iron Bars SHell (ibsh) before 0.3d allows users to "access files outside the home directory" and possibly execute arbitrary code via certain inputs that are not properly handled in a syslog call. | |||||
CVE-2005-1750 | 1 Distinct Web Creations | 1 Newsletterez | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
CVE-2005-1637 | 1 Npds | 1 Npds | 2008-09-05 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php. | |||||
CVE-2005-1607 | 1 Remote Cart | 1 Remote Cart | 2008-09-05 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters. | |||||
CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 5.0 MEDIUM | N/A |
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
CVE-2005-1594 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2005-1593 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 6.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
CVE-2005-1592 | 1 Birdblog | 1 Birdblog | 2008-09-05 | 7.5 HIGH | N/A |
Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript. | |||||
CVE-2005-1590 | 1 Altiris | 2 Client Service, Deployment Solution | 2008-09-05 | 4.6 MEDIUM | N/A |
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. | |||||
CVE-2005-1588 | 1 Open Solution | 1 Quick.cart | 2008-09-05 | 7.5 HIGH | N/A |
** DISPUTED ** SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore can not be vulnerable to SQL injection. | |||||
CVE-2005-1587 | 1 Open Solution | 1 Quick.cart | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. | |||||
CVE-2005-1586 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 5.0 MEDIUM | N/A |
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files. | |||||
CVE-2005-1585 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory. | |||||
CVE-2005-1584 | 1 Open Solution | 1 Quick.forum | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. | |||||
CVE-2005-1583 | 1 1two | 1 1two News | 2008-09-05 | 5.0 MEDIUM | N/A |
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. | |||||
CVE-2005-1582 | 1 1two | 1 1two News | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables. | |||||
CVE-2005-1581 | 1 Eric Fichot | 1 Bug Report | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php. | |||||
CVE-2005-1580 | 1 Boastmachine | 1 Boastmachine | 2008-09-05 | 7.5 HIGH | N/A |
users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code. | |||||
CVE-2005-1659 | 1 Myserver | 1 Myserver | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to inject arbitrary Javascript via a URL with a "..." (triple dot) followed by an onmouseover event. |