Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2778 | 1 Mybulletinboard | 1 Mybulletinboard | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL statements via the fid parameter. | |||||
CVE-2005-2779 | 1 Itan Online-banking Security System | 1 Itan Online-banking Security System | 2016-10-17 | 5.0 MEDIUM | N/A |
The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. | |||||
CVE-2005-2780 | 1 Neocrome | 1 Land Down Under | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature. | |||||
CVE-2005-2786 | 1 Cosmoshop | 1 Cosmoshop | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter. | |||||
CVE-2005-2810 | 1 Urban | 1 Urban | 2016-10-17 | 7.2 HIGH | N/A |
Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc. | |||||
CVE-2005-2816 | 1 Greymatter | 1 Greymatter Forum | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator uses "View Control Panel Log" to read the log file. | |||||
CVE-2005-2846 | 1 Cmsmadesimple | 1 Cms Made Simple | 2016-10-17 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter. | |||||
CVE-2005-2847 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2016-10-17 | 7.5 HIGH | N/A |
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. | |||||
CVE-2005-2849 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2016-10-17 | 6.4 MEDIUM | N/A |
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump. | |||||
CVE-2005-2860 | 1 Nikto | 1 Nikto | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. | |||||
CVE-2005-2862 | 1 Road Runner | 1 Adsl Road Runner Modem | 2016-10-17 | 7.5 HIGH | N/A |
ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to log in to the modem with a blank password and gain unauthorized access. | |||||
CVE-2005-2863 | 1 Open Webmail | 1 Open Webmail | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | |||||
CVE-2005-2864 | 1 Urban | 1 Urban | 2016-10-17 | 2.1 LOW | N/A |
URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. | |||||
CVE-2005-2623 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-17 | 5.0 MEDIUM | N/A |
ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of their shopping cart by specifying a negative quantity for an item, which causes the price of the item to be subtracted from the total cost. | |||||
CVE-2005-2624 | 1 Cpaint | 1 Cpaint | 2016-10-17 | 5.0 MEDIUM | N/A |
Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. | |||||
CVE-2005-2625 | 1 Cpaint | 1 Cpaint | 2016-10-17 | 7.5 HIGH | N/A |
Incomplete blacklist vulnerability in the checkBlacklist function in CPAINT allows remote attackers to execute arbitrary commands via the (1) ExecuteGlobal function or (2) GetRef statement, which is not included in the blacklist. | |||||
CVE-2005-2633 | 1 Phptb | 1 Topic Boards | 2016-10-17 | 7.5 HIGH | N/A |
Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter. | |||||
CVE-2005-2637 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php. | |||||
CVE-2005-2638 | 1 Phpfreenews | 1 Phpfreenews | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php. | |||||
CVE-2005-2639 | 1 Valusoft | 1 Chris Moneymakers World Poker Championship | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname. |