Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2005-4043 | 1 Hobosworld | 1 Hobsr | 2017-07-19 | 7.5 HIGH | N/A | SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters. |
CVE-2005-4044 | 1 Mr. Cgi Guy | 1 Amazon Search Directory | 2017-07-19 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly the search parameter. |
CVE-2005-4055 | 1 Cars Portal | 1 Cars Portal | 2017-07-19 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters. |
CVE-2005-4058 | 1 Saralblog | 1 Saralblog | 2017-07-19 | 7.5 HIGH | N/A | SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. |
CVE-2005-4060 | 1 Rainworx | 1 Rwauction Pro | 2017-07-19 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. |
CVE-2005-4066 | 1 Christian Ghisler | 1 Total Commander | 2017-07-19 | 4.9 MEDIUM | N/A | Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb worm. |
CVE-2005-4071 | 1 Cfmagic | 1 Magic Forum Personal | 2017-07-19 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm. |
CVE-2005-4074 | 1 Mycfnuke | 1 Cf Nuke | 2017-07-19 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (1) sector or (2) page parameters. |
CVE-2005-4075 | 1 Mycfnuke | 1 Cf Nuke | 2017-07-19 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector. |
CVE-2005-4078 | 1 Ideal Science | 1 Ideal Bb.net | 2017-07-19 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) forumID, (2) boardID, and (3) topicRepeater1-p parameters in topics.aspx, (4) boardID parameter in categoryindex.aspx, (5) postID parameter in posts.aspx, (6) catID parameter in forums.aspx, and (7) memberID parameter in member.aspx. |
CVE-2005-4087 | 1 Sugarcrm | 1 Sugar Suite | 2017-07-19 | 7.5 HIGH | N/A | PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter. |
CVE-2005-4094 | 1 Docebolms | 1 Docebolms | 2017-07-19 | 7.5 HIGH | N/A | connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains PHP script. |
CVE-2005-4095 | 1 Docebolms | 1 Docebolms | 2017-07-19 | 5.0 MEDIUM | N/A | Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type parameter in a GetFoldersAndFiles command. |
CVE-2005-4141 | 1 Aspmforum | 1 Aspmforum | 2017-07-19 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp. |
CVE-2005-4157 | 1 Kerio | 1 Winroute Firewall | 2017-07-19 | 7.5 HIGH | N/A | Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled. |
CVE-2005-4158 | 1 Todd Miller | 1 Sudo | 2017-07-19 | 4.6 MEDIUM | N/A | Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. |
CVE-2005-4162 | 1 Acme Labs | 1 Perlcal | 2017-07-19 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME PerlCal 2.99.20 allows remote attackers to inject arbitrary web script or HTML via the p0 parameter. |
CVE-2005-4164 | 1 Widgetmonkey | 1 Php-addressbook | 2017-07-19 | 7.5 HIGH | N/A | SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. |
CVE-2005-4165 | 1 Asp-dev | 1 Asp Resources Forum | 2017-07-19 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum allow remote attackers to execute arbitrary SQL commands via the (1) forum_id parameter to forum.asp, (2) unspecified parameters to register.asp, and (3) the "Search For" field in search.asp. |
CVE-2005-4169 | 1 Efiction Project | 1 Efiction | 2017-07-19 | 7.5 HIGH | N/A | Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. |