Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4451 | 1 Hp | 1 Hp-ux | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Software Distributor in HP-UX B.11.11 allows remote attackers to gain access via unspecified attack vectors. | |||||
| CVE-2005-4447 | 1 Coinsoft Technologies | 1 Phpcoin | 2018-10-19 | 7.5 HIGH | N/A |
| SQL injection vulnerability in articles\articles_funcs.php in phpCOIN 1.2.2 allows remote attackers to modify SQL syntax and possibly execute SQL in limited circumstances via the rec_next parameter. NOTE: the original disclosure suggests that command injection is not feasible because the injection occurs after an "ORDER BY" clause, but it is likely that this bug could result in an error message path disclosure due to a syntax error, in some environments. Therefore this is an exposure and should be included in CVE. | |||||
| CVE-2005-4445 | 1 David Harris | 1 Pegasus Mail | 2018-10-19 | 5.1 MEDIUM | N/A |
| Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow. | |||||
| CVE-2005-4428 | 1 Cerberus | 1 Cerberus Helpdesk | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Cerberus Helpdesk allows remote attackers to inject arbitrary web script or HTML via the kb_ask parameter. | |||||
| CVE-2005-4417 | 3 Anycom, Belkin, Widcomm | 3 Blue Usb-130-250 Software, Bluetooth Software, Bluetooth For Windows | 2018-10-19 | 6.4 MEDIUM | N/A |
| The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile. | |||||
| CVE-2005-4021 | 1 Gallery Project | 1 Gallery | 2018-10-19 | 5.0 MEDIUM | N/A |
| The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-4023 | 1 Gallery Project | 1 Gallery | 2018-10-19 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors. | |||||
| CVE-2005-4049 | 1 Netart Media | 1 Blog System | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php. | |||||
| CVE-2005-4050 | 1 Multi-tech Systems | 1 Multivoip | 2018-10-19 | 7.5 HIGH | N/A |
| Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet. | |||||
| CVE-2005-4051 | 1 E107 | 1 E107 | 2018-10-19 | 5.0 MEDIUM | N/A |
| e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php. | |||||
| CVE-2005-4053 | 1 Cowiki | 1 Cowiki | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html. | |||||
| CVE-2005-4079 | 1 Phpmyadmin | 1 Phpmyadmin | 2018-10-19 | 5.0 MEDIUM | N/A |
| The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can then be used to overwrite other variables. | |||||
| CVE-2005-4080 | 1 Horde | 1 Imp | 2018-10-19 | 4.3 MEDIUM | N/A |
| Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters. | |||||
| CVE-2005-4081 | 1 Alisveristr | 1 Alisveristr E-commerce | 2018-10-19 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters in (1) the user login and (2) administrator login pages. | |||||
| CVE-2005-4082 | 1 Qnx | 1 Qnx | 2018-10-19 | 4.6 MEDIUM | N/A |
| The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks. | |||||
| CVE-2005-4083 | 1 Phpbb Styles | 1 Extreme Styles Phpbb Module | 2018-10-19 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter. | |||||
| CVE-2005-4084 | 1 Phpbb Styles | 1 Phpbb Extreme Styles | 2018-10-19 | 5.0 MEDIUM | N/A |
| xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter. | |||||
| CVE-2005-4134 | 3 K-meleon Project, Mozilla, Netscape | 4 K-meleon, Firefox, Mozilla Suite and 1 more | 2018-10-19 | 5.0 MEDIUM | N/A |
| Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue. | |||||
| CVE-2005-4135 | 1 Simplemedia | 1 Simplebbs | 2018-10-19 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php. | |||||
| CVE-2005-4136 | 1 Fad Solutions | 1 Drzes Hms | 2018-10-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter. | |||||