Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0775 | 1 Photopost | 1 Photopost Php Pro | 2017-07-10 | 7.5 HIGH | N/A |
| The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator. | |||||
| CVE-2005-0776 | 1 Photopost | 1 Photopost Php Pro | 2017-07-10 | 5.0 MEDIUM | N/A |
| adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos. | |||||
| CVE-2005-0777 | 1 Photopost | 1 Photopost Php Pro | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile. | |||||
| CVE-2005-0778 | 1 Photopost | 1 Photopost Php Pro | 2017-07-10 | 5.0 MEDIUM | N/A |
| PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif. | |||||
| CVE-2005-0781 | 1 Php Arena | 1 Pafiledb | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. | |||||
| CVE-2005-0782 | 1 Php Arena | 1 Pafiledb | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. | |||||
| CVE-2005-0785 | 1 Yabb | 1 Yabb | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2005-0786 | 1 Simpgb | 1 Simpgb | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. | |||||
| CVE-2005-0787 | 1 Wine | 1 Wine | 2017-07-10 | 2.1 LOW | N/A |
| Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. | |||||
| CVE-2005-0788 | 1 Limewire | 1 Limewire | 2017-07-10 | 5.0 MEDIUM | N/A |
| LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. | |||||
| CVE-2005-0789 | 1 Limewire | 1 Limewire | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. | |||||
| CVE-2005-0790 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-10 | 5.0 MEDIUM | N/A |
| phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal the path in a PHP error message. | |||||
| CVE-2005-0791 | 1 Phpadsnew | 1 Phpadsnew | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. | |||||
| CVE-2005-0792 | 1 Zpanel | 1 Zpanel | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. | |||||
| CVE-2005-0794 | 1 Zpanel | 1 Zpanel | 2017-07-10 | 6.4 MEDIUM | N/A |
| ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation scripts after they have been used, which allows remote attackers to reinstall the software and possibly cause a denial of service via a direct request to install.php. | |||||
| CVE-2005-0795 | 1 Hola | 1 Holacms | 2017-07-10 | 5.0 MEDIUM | N/A |
| HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter. | |||||
| CVE-2005-0802 | 1 Asp Press | 1 Acs Blog | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter. | |||||
| CVE-2005-0807 | 1 Oxid | 1 Cain And Abel | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters. | |||||
| CVE-2005-0808 | 1 Apache | 1 Tomcat | 2017-07-10 | 5.0 MEDIUM | N/A |
| Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. | |||||
| CVE-2005-0814 | 1 Lysator | 1 Lsh | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors. | |||||