Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1284 | 1 Argosoft | 1 Argosoft Mail Server | 2017-07-10 | 7.5 HIGH | N/A |
| The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | |||||
| CVE-2005-1291 | 1 Cartwiz | 1 Asp Cart | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. | |||||
| CVE-2005-1292 | 1 Elemental Software | 1 Cartwiz | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. | |||||
| CVE-2005-1307 | 2 Adobe, Apple | 2 Version Cue, Mac Os X | 2017-07-10 | 7.2 HIGH | N/A |
| The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. | |||||
| CVE-2005-1323 | 1 Intersoft | 1 Netterm | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command. | |||||
| CVE-2005-1324 | 1 Matthieu Aubry | 1 Phpmyvisites | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters. | |||||
| CVE-2005-1347 | 1 Adobe | 1 Acrobat Reader | 2017-07-10 | 2.6 LOW | N/A |
| ** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service ("Invalid-ID-Handle-Error" error) and modify memory beginning at a particular address, possibly allowing the execution of arbitrary code, via a crafted PDF file. NOTE: the vendor has stated that the reporter refused to provide sufficient details to confirm the issue. In addition, due to the lack of details in the original advisory, an independent verification is not possible. Finally, the reliability of the original reporter is unknown. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example of the newly defined UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is highly likely that this item will be REJECTED. | |||||
| CVE-2005-1349 | 1 Perl | 1 Convert Uulib | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. | |||||
| CVE-2005-1360 | 1 Graycms | 1 Graycms | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1361 | 1 Metalinks | 1 Metacart E-shop | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp. | |||||
| CVE-2005-1364 | 1 Metalinks | 1 Metabid Auctions | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp. | |||||
| CVE-2005-1370 | 1 Hp | 1 Openview Radia Management Portal | 2017-07-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors. | |||||
| CVE-2005-1371 | 1 Bulletproof | 1 Bulletproof Ftp Server | 2017-07-10 | 7.2 HIGH | N/A |
| BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges. | |||||
| CVE-2005-1372 | 1 Bakbone | 1 Netvault | 2017-07-10 | 4.6 MEDIUM | N/A |
| nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu. | |||||
| CVE-2005-1373 | 1 Dream4 | 1 Koobi Cms | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters. | |||||
| CVE-2005-1374 | 1 Claroline | 1 Claroline | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php. | |||||
| CVE-2005-1375 | 1 Claroline | 1 Claroline | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php. | |||||
| CVE-2005-1376 | 1 Claroline | 1 Claroline | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files. | |||||
| CVE-2005-1377 | 1 Claroline | 1 Claroline | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors. | |||||
| CVE-2005-1378 | 1 Oxpus | 1 Phpbb Personal Notes Module | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors. | |||||