Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2453 | 1 Networkactiv | 1 Networkactiv Web Server | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string. | |||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2017-07-10 | 5.0 MEDIUM | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
| CVE-2005-2466 | 1 Openbook | 1 Openbook | 2017-07-10 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter. | |||||
| CVE-2005-2469 | 1 Novell | 1 Netmail | 2017-07-10 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C and possibly earlier versions allows local users to execute arbitrary code via a long user name in the USER command. | |||||
| CVE-2005-2470 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2472 | 1 Netcplus | 1 Businessmail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands. | |||||
| CVE-2005-2473 | 1 Churchinfo | 1 Churchinfo | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php. | |||||
| CVE-2005-2474 | 1 Churchinfo | 1 Churchinfo | 2017-07-10 | 5.0 MEDIUM | N/A |
| ChurchInfo allows remote attackers to execute obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message. | |||||
| CVE-2005-2476 | 1 Naxtor | 1 Shopping Cart | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2005-2477 | 1 Naxtor | 1 Shopping Cart | 2017-07-10 | 5.0 MEDIUM | N/A |
| shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability. | |||||
| CVE-2005-2478 | 1 Silver-scripts | 1 Silvernews | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. | |||||
| CVE-2005-2480 | 1 Macromedia | 1 Coldfusion Fusebox | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm. | |||||
| CVE-2005-2482 | 1 Metasploit | 1 Metasploit Framework | 2017-07-10 | 5.0 MEDIUM | N/A |
| The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command. | |||||
| CVE-2005-2483 | 1 Karrigell | 1 Karrigell | 2017-07-10 | 7.5 HIGH | N/A |
| Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script. | |||||
| CVE-2005-2484 | 1 Denora Irc Stats | 1 Denora Irc Stats | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code. | |||||
| CVE-2005-2485 | 1 Logicampus | 1 Logicampus | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2487 | 1 Mcdata | 4 Intrepid 6064 Director Switch, Intrepid 6140 Director Switch, Sphereon 4300 Fabric Switch and 1 more | 2017-07-10 | 2.1 LOW | N/A |
| Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm. | |||||
| CVE-2005-2488 | 1 Web Content Management | 1 Web Content Management News System | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php. | |||||
| CVE-2005-2489 | 1 Web Content Management | 1 Web Content Management News System | 2017-07-10 | 7.5 HIGH | N/A |
| Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php. | |||||
| CVE-2005-2500 | 1 Linux | 1 Linux Kernel | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux kernel 2.6.12, as used in SuSE Linux Enterprise Server 9, might allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted XDR data for the nfsacl protocol. | |||||