Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1220 | 1 Knusperleicht | 1 Shoutbox Script | 2017-07-10 | 7.5 HIGH | N/A |
| Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes. | |||||
| CVE-2005-1221 | 1 Ecommerce-carts | 1 Ecommpro | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-1222 | 1 Netref | 1 Netref | 2017-07-10 | 7.5 HIGH | N/A |
| cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php. | |||||
| CVE-2005-1223 | 1 Ocean12 Technologies | 1 Calendar Manager Pro | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. | |||||
| CVE-2005-1225 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. | |||||
| CVE-2005-1226 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-10 | 7.5 HIGH | N/A |
| Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2005-1227 | 1 Phprojekt | 1 Phprojekt | 2017-07-10 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. | |||||
| CVE-2005-1229 | 1 Gnu | 1 Cpio | 2017-07-10 | 4.6 MEDIUM | N/A |
| Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. | |||||
| CVE-2005-1233 | 1 Php Labs | 1 Profile | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Labs proFile allows remote attackers to inject arbitrary web script or HTML via the (1) dir or (2) file parameters. | |||||
| CVE-2005-1238 | 1 Ibm | 1 Iseries As 400 | 2017-07-10 | 7.5 HIGH | N/A |
| By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request. | |||||
| CVE-2005-1239 | 1 Raz-lee | 1 Security\+\+\+ | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1240 | 1 Castlehill | 1 Secure Net | 2017-07-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Castlehill, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1241 | 1 Powertech | 1 Powerlock Networksecurity | 2017-07-10 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in the third party tool from Powertech, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1242 | 1 Bsafe | 1 Global Security | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1243 | 1 Safestone Technologies | 1 Axcessit | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. | |||||
| CVE-2005-1244 | 1 Netiq | 1 Pssecure | 2017-07-10 | 7.5 HIGH | N/A |
| ** DISPUTED ** Directory traversal vulnerability in the third party tool from NetIQ, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request. NOTE: the vendor has disputed this issue, saying that "neither NetIQ Security Manager nor our iSeries Security Solutions are vulnerable." | |||||
| CVE-2005-1245 | 1 Mediawiki | 1 Mediawiki | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1270 | 1 Gentoo | 1 Rootkit Hunter | 2017-07-10 | 2.1 LOW | N/A |
| The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-1282 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | |||||
| CVE-2005-1283 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | |||||