Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2012 | 1 Php Arena | 1 Pafaq | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) id parameters. | |||||
CVE-2005-2013 | 1 Php Arena | 1 Pafaq | 2016-10-17 | 5.0 MEDIUM | N/A |
paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive information via a direct request to admin/backup.php, which contains a backup of the database including usernames and passwords. | |||||
CVE-2005-2014 | 1 Php Arena | 1 Pafaq | 2016-10-17 | 4.6 MEDIUM | N/A |
The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote authenticated administrators to execute arbitrary PHP commands by uploading a malicious language pack. | |||||
CVE-2005-2028 | 1 Mercuryboard | 1 Mercuryboard Message Board | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. | |||||
CVE-2005-2030 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat. | |||||
CVE-2005-2033 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter. | |||||
CVE-2005-2034 | 1 Blue-collar Productions | 1 I-gallery | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in folderview.asp for BlueCollar iGallery 3.3 allows remote attackers to inject arbitrary web script or HTML via the folder parameter. | |||||
CVE-2005-2045 | 1 Duware | 1 Duportal Pro | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to default.asp, (2) iData parameter to detail.asp, (3) iMem parameter to members.asp, (4) iCat parameter to cat.asp, (5) offset parameter to members_listing_approval.asp, or (6) iChannel parameter to channels_edit.asp. | |||||
CVE-2005-2046 | 1 Duware | 1 Duamazon Pro | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iSub parameter to sub.asp, (3) iSub parameter to detail.asp, (4) iPro parameter to review.asp, iCat parameter to (5) catEdit.asp, (6) catDelete.asp, (7) productEdit.asp, or (8) productDelete.asp, or (9) iType parameter to type.asp. | |||||
CVE-2005-2047 | 1 Duware | 1 Dupaypal Pro | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) iCat parameter to cat.asp, (2) iPro parameter to detail.asp, (3) iSub parameter to sub.asp, (4) iCat parameter to catEdit.asp. | |||||
CVE-2005-2049 | 1 Duware | 1 Duclassmate | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) iState parameter to default.asp or (2) iPro parameter to edit.asp. | |||||
CVE-2005-2051 | 1 Symantec Veritas | 1 Backup Exec | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflow in the VERITAS Backup Exec Web Administration Console (BEWAC) 9.0 4367 through 10.0 rev. 5484 allows remote attackers to execute arbitrary code. | |||||
CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2016-10-17 | 5.1 MEDIUM | N/A |
Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | |||||
CVE-2005-2053 | 1 Salims Softhouse | 1 Jaf Cms | 2016-10-17 | 5.0 MEDIUM | N/A |
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability. | |||||
CVE-2005-2057 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 6.8 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php. | |||||
CVE-2005-2058 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to execute arbitrary SQL commands via the Number parameter to (1) download.php, (2) modifypost.php, (3) mailthread.php, or (4) notifymod.php, (5) month or (6) year parameter to calendar.php, (7) message parameter to viewmessage.php, (8) main parameter to addfav.php, or (9) posted parameter to grabnext.php. | |||||
CVE-2005-2059 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 5.0 MEDIUM | N/A |
Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag. | |||||
CVE-2005-2060 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 5.0 MEDIUM | N/A |
Multiple HTTP Response Splitting vulnerabilities in (1) toggleshow.php, (2) togglecats.php, and (3) showprofile.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the Cat parameter. | |||||
CVE-2005-2061 | 1 Ubbcentral | 1 Ubb.threads | 2016-10-17 | 5.0 MEDIUM | N/A |
Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include arbitrary files via the language parameter in a cookie followed by a null (%00) byte. | |||||
CVE-2005-2063 | 1 Active Web Softwares | 1 Activebuyandsell | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in ActiveBuyAndSell 6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Title parameter to sendpassword.asp or (2) Keyword field in search.asp. |