Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2527 | 1 Sun | 1 Java | 2017-07-10 | 1.2 LOW | N/A |
| Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | |||||
| CVE-2005-2529 | 1 Sun | 1 Java | 2017-07-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | |||||
| CVE-2005-2530 | 1 Sun | 1 Java | 2017-07-10 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | |||||
| CVE-2005-2536 | 1 Pstotext | 1 Pstotext | 2017-07-10 | 7.5 HIGH | N/A |
| pstotext before 1.8g does not properly use the "-dSAFER" option when calling Ghostscript to extract plain text from PostScript and PDF files, which allows remote attackers to execute arbitrary commands via a malicious PostScript file. | |||||
| CVE-2005-2539 | 1 Flatnuke | 1 Flatnuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter to structure.php, (5) admin, (6) admin_mail, or (7) back parameter to footer.php, or (8) the message body in a news post. | |||||
| CVE-2005-2540 | 1 Flatnuke | 1 Flatnuke | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a PHP script without a preceding comment character, which can then be executed by a direct request. | |||||
| CVE-2005-2544 | 1 Comdev | 1 Comdev Ecommerce | 2017-07-10 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. | |||||
| CVE-2005-2545 | 1 Phpopenchat | 1 Phpopenchat | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields in userpage.php, (4) subject or (5) body in mail.php, or (8) disinvited_chatter or (7) invited_chatter parameter to invite.php. | |||||
| CVE-2005-2554 | 1 Network Associates | 1 Epolicy Orchestrator Agent | 2017-07-10 | 2.1 LOW | N/A |
| The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common Framework\Db" folder, which allows local users to read arbitrary files by creating a subfolder in the EPO agent web root directory. | |||||
| CVE-2005-2557 | 3 Debian, Gentoo, Mantis | 3 Debian Linux, Linux, Mantis | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. | |||||
| CVE-2005-2562 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the login field. | |||||
| CVE-2005-2564 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-10 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in editcss.php in Gravity Board X (GBX) 1.1 allows remote attackers to execute arbitrary PHP code, HTML, and script via the csscontent parameter, which is directly inserted into the gbxfinal.css file. | |||||
| CVE-2005-2565 | 1 Gravity Board X Development Team | 1 Gravity Board X | 2017-07-10 | 5.0 MEDIUM | N/A |
| Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) /forms/admininfo.php, (8) /forms/announcements.php, (9) forms/banform.php, or (10) other pages in the /forms directory, which reveal the path in an error message. | |||||
| CVE-2005-2587 | 1 Phptb | 1 Topic Boards | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards 2.0 allows remote attackers to execute arbitrary SQL commands via the mid parameter. | |||||
| CVE-2005-2590 | 1 Parlano | 1 Mindalign | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-2591 | 1 Parlano | 1 Mindalign | 2017-07-10 | 5.0 MEDIUM | N/A |
| Parlano MindAlign 5.0 and later versions allows remote attackers to list valid users via unknown vectors, aka the "User Enumeration" vulnerability. | |||||
| CVE-2005-2592 | 1 Parlano | 1 Mindalign | 2017-07-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in Parlano MindAlign 5.0 and later versions allows remote attackers to bypass authentication via unknown vectors. | |||||
| CVE-2005-2593 | 1 Parlano | 1 Mindalign | 2017-07-10 | 10.0 HIGH | N/A |
| Parlano MindAlign 5.0 and later versions uses weak encryption, with unknown impact and attack vectors. | |||||
| CVE-2005-2597 | 1 Aol | 1 Aol Client Software | 2017-07-10 | 7.2 HIGH | N/A |
| AOL Client Software 9.0 uses insecure permissions for its installation path, which allows local users to execute arbitrary code with SYSTEM privileges by replacing ACSD.exe with a malicious program. | |||||
| CVE-2005-2599 | 1 Hummingbird | 1 Connectivity | 2017-07-10 | 7.5 HIGH | N/A |
| Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial encoding) to store the user's password in the FTP profile, which allows attackers to gain privileges. | |||||