Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-2064 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 5.0 MEDIUM | N/A |
Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to forgot_password.asp, or the (2) FirstName, (3) LastName, (4) Username, (5) Password, (6) Address1, (7) Address2, (8) City, (9) ZipCode, (10) Email parameter to register.asp. | |||||
CVE-2005-2065 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 5.0 MEDIUM | N/A |
HTTP response splitting vulnerability in language_select.asp in ASP Nuke 0.80 allows remote attackers to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the LangCode parameter. | |||||
CVE-2005-2066 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 allows remote attackers to execute arbitrary SQL statements via the TaskID parameter. | |||||
CVE-2005-2067 | 1 Asp-nuke | 1 Asp-nuke | 2016-10-17 | 7.5 HIGH | N/A |
SQL injection vulnerability in article.asp in unknown versions of aspnuke allows remote attackers to execute arbitrary SQL commands via the articleid parameter. | |||||
CVE-2005-2071 | 1 Sun | 1 Solaris | 2016-10-17 | 4.6 MEDIUM | N/A |
traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . (dot). | |||||
CVE-2005-2082 | 1 Cgi-club | 1 Imtrset | 2016-10-17 | 5.0 MEDIUM | N/A |
im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | |||||
CVE-2005-2084 | 1 Telligent Systems | 1 Community Server Forums | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
CVE-2005-2085 | 1 Infradig Systems | 1 Inframail Advantage | 2016-10-17 | 5.0 MEDIUM | N/A |
Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | |||||
CVE-2005-2086 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | |||||
CVE-2005-2106 | 1 Drupal | 1 Drupal | 2016-10-17 | 5.0 MEDIUM | N/A |
Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | |||||
CVE-2005-1840 | 1 Phpcms | 1 Phpcms | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php. | |||||
CVE-2005-1850 | 1 Ekg | 1 Ekg | 2016-10-17 | 10.0 HIGH | N/A |
Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916. | |||||
CVE-2005-1851 | 1 Ekg | 1 Ekg | 2016-10-17 | 10.0 HIGH | N/A |
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors. | |||||
CVE-2005-1870 | 1 Popper | 1 Popper | 2016-10-17 | 5.0 MEDIUM | N/A |
PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter. | |||||
CVE-2005-1871 | 1 Drupal | 1 Drupal | 2016-10-17 | 7.5 HIGH | N/A |
Unknown vulnerability in the privilege system in Drupal 4.4.0 through 4.6.0, when public registration is enabled, allows remote attackers to gain privileges, due to an "input check" that "is not implemented properly." | |||||
CVE-2005-1872 | 1 Ibm | 1 Websphere Application Server | 2016-10-17 | 7.5 HIGH | N/A |
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code. | |||||
CVE-2005-1875 | 1 Exhibit Engine | 1 Exhibit Engine | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter. | |||||
CVE-2005-1876 | 1 Cutephp | 1 Cutenews | 2016-10-17 | 4.6 MEDIUM | N/A |
Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file. | |||||
CVE-2005-1891 | 1 Aol | 1 Instant Messenger | 2016-10-17 | 5.0 MEDIUM | N/A |
The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 and earlier allows remote attackers to cause a denial of service (crash) via a malformed buddy icon that causes an integer underflow in a loop counter variable. | |||||
CVE-2005-1899 | 1 Rakkarsoft | 1 Raknet | 2016-10-17 | 5.0 MEDIUM | N/A |
Rakkarsoft RakNet network library 2.33 and earlier, when released before 30 May 2005, and as used in multiple products including nFusion Elite Warriors: Vietnam, allows remote attackers to cause a denial of service (infinite loop) via a zero-byte UDP packet. |