Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1380 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action. | |||||
| CVE-2005-1381 | 1 Oracle | 1 Application Server Web Cache | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter. | |||||
| CVE-2005-1382 | 1 Oracle | 1 Application Server Web Cache | 2017-07-10 | 5.0 MEDIUM | N/A |
| The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter. | |||||
| CVE-2005-1383 | 1 Oracle | 1 Application Server | 2017-07-10 | 7.5 HIGH | N/A |
| The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778. | |||||
| CVE-2005-1384 | 1 Coinsoft Technologies | 1 Phpcoin | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php. | |||||
| CVE-2005-1391 | 1 Apsis | 1 Pound | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header. | |||||
| CVE-2005-1397 | 1 Php-calendar | 1 Php-calendar | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-1405 | 1 Ibm | 1 Lotus Notes | 2017-07-10 | 2.1 LOW | N/A |
| HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications. | |||||
| CVE-2005-1411 | 1 Cybration | 1 Icuii | 2017-07-10 | 4.6 MEDIUM | N/A |
| Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges. | |||||
| CVE-2005-1413 | 1 Envivosoft | 1 Envivo Cms | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp. | |||||
| CVE-2005-1414 | 1 Exoticsoft | 1 Filepocket | 2017-07-10 | 4.6 MEDIUM | N/A |
| ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges. | |||||
| CVE-2005-1418 | 1 Netleaf Limited | 1 Notjustbrowsing | 2017-07-10 | 4.6 MEDIUM | N/A |
| NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. | |||||
| CVE-2005-1424 | 1 Stumbleinside | 1 Gotext | 2017-07-10 | 2.1 LOW | N/A |
| StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information. | |||||
| CVE-2005-1427 | 1 Uapplication | 1 Uphotogallery | 2017-07-10 | 7.5 HIGH | N/A |
| Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. | |||||
| CVE-2005-1428 | 1 Uapplication | 1 Uphotogallery | 2017-07-10 | 7.5 HIGH | N/A |
| edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. | |||||
| CVE-2005-1441 | 1 Ibm | 1 Lotus Domino | 2017-07-10 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC). | |||||
| CVE-2005-1442 | 1 Ibm | 1 Lotus Notes | 2017-07-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file. | |||||
| CVE-2005-1478 | 1 Netwin | 1 Dmail | 2017-07-10 | 7.5 HIGH | N/A |
| Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. | |||||
| CVE-2005-1479 | 1 Jgs-xa | 1 Jgs-portal | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-1480 | 1 Raiden Professional Servers | 1 Raidenftpd | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command. | |||||