Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1017 | 1 Maxwebportal | 1 Maxwebportal | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp. | |||||
| CVE-2005-1019 | 1 Aeon | 1 Aeon | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable. | |||||
| CVE-2005-1023 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module. NOTE: the bid parameter issue in banners.php is already an item in CVE-2005-1000. | |||||
| CVE-2005-1024 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 5.0 MEDIUM | N/A |
| modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message. | |||||
| CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | |||||
| CVE-2005-1029 | 1 Active Web Softwares | 1 Active Auction House | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp. | |||||
| CVE-2005-1030 | 1 Active Web Softwares | 1 Active Auction House | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp. | |||||
| CVE-2005-1031 | 2 E-xoops, Runcms | 2 E-xoops, Runcms | 2017-07-10 | 5.0 MEDIUM | N/A |
| RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. | |||||
| CVE-2005-1034 | 1 Netwin | 1 Surgeftp | 2017-07-10 | 5.0 MEDIUM | N/A |
| SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. | |||||
| CVE-2005-1045 | 1 Centrinity | 1 Centrinity Firstclass Desktop Client | 2017-07-10 | 7.5 HIGH | N/A |
| OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark. | |||||
| CVE-2005-1048 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not reproduce the issues for 760 RC3, or for .750. | |||||
| CVE-2005-1049 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-10 | 2.6 LOW | N/A |
| Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php. NOTE: the vendor reports that certain issues could not be reproduced for 760 RC3, or for .750. However, the op/user.php issue exists when the pnAntiCracker setting is disabled. | |||||
| CVE-2005-1050 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-10 | 5.0 MEDIUM | N/A |
| The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message. | |||||
| CVE-2005-1052 | 1 Microsoft | 2 Outlook, Outlook Web Access | 2017-07-10 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses. | |||||
| CVE-2005-1053 | 1 Moderngigabyte | 1 Modernbill | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters. | |||||
| CVE-2005-1054 | 1 Moderngigabyte | 1 Modernbill | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1055 | 1 Towerblog | 1 Towerblog | 2017-07-10 | 7.5 HIGH | N/A |
| TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login file. | |||||
| CVE-2005-1056 | 1 Hp | 1 Openview Network Node Manager | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. | |||||
| CVE-2005-1059 | 1 Linksys | 1 Wet11 | 2017-07-10 | 2.1 LOW | N/A |
| Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. | |||||
| CVE-2005-1060 | 1 Novell | 1 Netware | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. | |||||
