Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2586 | 1 Mentor | 1 Adslfr4ii | 2016-10-17 | 2.1 LOW | N/A |
Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web administration password in cleartext in the backup configuration file, which allows local users to obtain sensitive information. | |||||
CVE-2005-2621 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-17 | 5.0 MEDIUM | N/A |
index.php in ECW-Shop 6.0.2 allows remote attackers to obtain sensitive information via the (1) min or (2) max parameter with a "'" (single quote), which reveals the path in an error message, possibly due to a SQL injection vulnerability. | |||||
CVE-2005-2622 | 1 Ecw-shop | 1 Ecw-shop | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 6.0.2 allows remote attackers to inject arbitrary web script or HTML via the (1) max or (2) ctg parameter. | |||||
CVE-2005-2431 | 1 Gforge | 1 Gforge | 2016-10-17 | 5.0 MEDIUM | N/A |
The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb). | |||||
CVE-2005-2460 | 1 Kayako | 1 Liveresponse | 2016-10-17 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message. | |||||
CVE-2005-2461 | 1 Kayako | 1 Liveresponse | 2016-10-17 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter. | |||||
CVE-2005-2462 | 1 Kayako | 1 Liveresponse | 2016-10-17 | 2.1 LOW | N/A |
Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges. | |||||
CVE-2005-2463 | 1 Kayako | 1 Liveresponse | 2016-10-17 | 6.4 MEDIUM | N/A |
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message. | |||||
CVE-2005-2464 | 1 Pcxp Toppe Cms | 1 Pcxp Toppe Cms | 2016-10-17 | 7.5 HIGH | N/A |
login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid. | |||||
CVE-2005-2465 | 2 Pc-experience, Toppe | 2 Pc-experience, Toppe Cms | 2016-10-17 | 5.8 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable. | |||||
CVE-2005-2467 | 1 Mysql | 1 Eventum | 2016-10-17 | 5.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php. | |||||
CVE-2005-2468 | 1 Mysql | 1 Eventum | 2016-10-17 | 6.4 MEDIUM | N/A |
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php. | |||||
CVE-2005-2481 | 1 Macromedia | 1 Coldfusion Fusebox | 2016-10-17 | 5.0 MEDIUM | N/A |
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. | |||||
CVE-2005-2288 | 1 Phpcounter | 1 Phpcounter | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows remote attackers to inject arbitrary web script or HTML via the EpochPrefix parameter. | |||||
CVE-2005-2289 | 1 Phpcounter | 1 Phpcounter | 2016-10-17 | 5.0 MEDIUM | N/A |
PHPCounter 7.2 allows remote attackers to obtain sensitive information via a direct request to prelims.php, which reveals the path in an error message. | |||||
CVE-2005-2290 | 1 Wps | 1 Web Portal System | 2016-10-17 | 10.0 HIGH | N/A |
wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and (2) cat variables. | |||||
CVE-2005-2291 | 1 Oracle | 1 Jdeveloper | 2016-10-17 | 4.6 MEDIUM | N/A |
Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext password as a parameter when starting sqlplus, which allows local users to gain sensitive information. | |||||
CVE-2005-2296 | 1 Yabb | 1 Yabb | 2016-10-17 | 5.0 MEDIUM | N/A |
YabbSE 1.5.5c allows remote attackers to obtain sensitive information via a direct request to ssi_examples.php, which reveals the path. | |||||
CVE-2005-2297 | 1 Sybase | 1 Easerver | 2016-10-17 | 4.6 MEDIUM | N/A |
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter. | |||||
CVE-2005-2298 | 1 Softwin | 1 Bitdefender Engine | 2016-10-17 | 5.0 MEDIUM | N/A |
BitDefender Engine 1.6.1 and earlier does not properly scan all attachments, which allows remote attackers to bypass virus scanning via begin and end commands in the body of the e-mail, which BitDefender treats as a uuencoded attachment and stops scanning afterwards. | |||||