Total
210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-1905 | 1 Kaspersky Lab | 2 Kaspersky Anti-virus, Kaspersky Anti-virus Personal | 2016-10-17 | 7.2 HIGH | N/A |
The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs. | |||||
CVE-2005-1916 | 1 Ekg | 1 Ekg | 2016-10-17 | 2.1 LOW | N/A |
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | |||||
CVE-2005-1931 | 1 Goodtech Systems | 1 Goodtech Smtp Server | 2016-10-17 | 5.0 MEDIUM | N/A |
GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | |||||
CVE-2005-1943 | 1 Loki | 1 Loki Download Manager Catgory Version | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp. | |||||
CVE-2005-1944 | 1 Xmysqladmin | 1 Xmysqladmin | 2016-10-17 | 2.1 LOW | N/A |
xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp. | |||||
CVE-2005-1945 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the convert_highlite_words function in Invision Blog before 1.1.2 Final allows remote attackers to inject arbitrary web script or HTML via double hex encoded highlight data. | |||||
CVE-2005-1946 | 1 Invision Power Services | 1 Invision Community Blog | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 Final allow remote attackers to execute arbitrary SQL commands via the (1) eid parameter to an editentry, replyentry, or editcomment action, or (2) the mid parameter to an aboutme action. | |||||
CVE-2005-1947 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-17 | 5.0 MEDIUM | N/A |
Cross-site request forgery (CSRF) vulnerability in Invision Gallery before 1.3.1 allows remote attackers to delete albums and images as another user via a link or IMG tag to the (1) albums or (2) delimg actions. | |||||
CVE-2005-1948 | 1 Invision Power Services | 1 Invision Gallery | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo. | |||||
CVE-2005-1949 | 1 E107 | 1 E107 | 2016-10-17 | 7.5 HIGH | N/A |
The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter. | |||||
CVE-2005-1950 | 1 Darryl Burgdorf | 1 Webhints | 2016-10-17 | 7.5 HIGH | N/A |
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | |||||
CVE-2005-1951 | 1 Oscommerce | 1 Oscommerce | 2016-10-17 | 5.0 MEDIUM | N/A |
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php. | |||||
CVE-2005-1952 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count. | |||||
CVE-2005-1953 | 1 Pico Server | 1 Pico Server | 2016-10-17 | 7.5 HIGH | N/A |
Heap-based buffer overflow in the CGI extension for Pico Server (pServ) 3.3 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
CVE-2005-1954 | 1 Singapore | 1 Singapore | 2016-10-17 | 5.0 MEDIUM | N/A |
singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message. | |||||
CVE-2005-1955 | 1 Singapore | 1 Singapore | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter. | |||||
CVE-2005-1956 | 1 File Upload Manager | 1 File Upload Manager | 2016-10-17 | 5.0 MEDIUM | N/A |
File Upload Manager allows remote attackers to upload arbitrary files by modifying the test variable to contain a value of '~~~~~~' (six tildes), which bypasses the file extension checks. | |||||
CVE-2005-1957 | 1 Adam Mmedici | 1 File Upload Manager | 2016-10-17 | 7.5 HIGH | N/A |
mtnpeak.net File Upload Manager does not properly check user authentication for certain actions, which allows remote attackers to provide a modified base64-encoded file parameter and (1) read arbitrary files via the "view" action or (2) delete arbitrary files via the del action. | |||||
CVE-2005-1966 | 1 E107 | 1 E107 | 2016-10-17 | 7.5 HIGH | N/A |
The eTrace_validaddr function in eTrace plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the etrace_host parameter. | |||||
CVE-2005-1973 | 1 Sun | 1 J2se | 2016-10-17 | 5.1 MEDIUM | N/A |
Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges. |