Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1974 | 1 Sun | 1 J2se | 2016-10-17 | 5.1 MEDIUM | N/A |
| Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges. | |||||
| CVE-2005-1997 | 1 Mcgallery | 1 Mcgallery | 2016-10-17 | 5.0 MEDIUM | N/A |
| show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter. | |||||
| CVE-2005-1998 | 1 Mcgallery | 1 Mcgallery | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. | |||||
| CVE-2005-1999 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php). | |||||
| CVE-2005-2000 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the formname parameter (1) in the login form, (2) in the team login form, or (3) to auth.php, (4) select, (5) id, or (6) query parameter to pafiledb.php, or (7) string parameter to search.php. | |||||
| CVE-2005-2001 | 1 Php Arena | 1 Pafiledb | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) in the action parameter. | |||||
| CVE-2005-2002 | 1 Mambo | 1 Mambo | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in content.php in Mambo 4.5.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user_rating parameter. | |||||
| CVE-2005-2003 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message. | |||||
| CVE-2005-2004 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php, (5) newpost.php, (6) email.php, (7) icq.php, or (8) aol.php, (9) t_id parameter to newpost.php, (10) ref parameter to getpass.php, or (11) sText parameter to search.php. | |||||
| CVE-2005-2005 | 1 Ultimate Php Board | 1 Ultimate Php Board | 2016-10-17 | 5.0 MEDIUM | N/A |
| Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat. | |||||
| CVE-2005-1702 | 1 Black Cactus | 2 Warrior Kings, Warrior Kings Battles | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in Warrior Kings: Battles 1.23 and earlier and Warrior Kings 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a nickname. | |||||
| CVE-2005-1703 | 1 Black Cactus | 1 Warrior Kings Battles | 2016-10-17 | 5.0 MEDIUM | N/A |
| Warrior Kings: Battles 1.23 and earlier allows remote attackers to cause a denial of service (server crash) via a partial join packet that triggers a NULL pointer dereference. | |||||
| CVE-2005-1708 | 1 Bluecoat | 1 Reporter | 2016-10-17 | 4.6 MEDIUM | N/A |
| templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true. | |||||
| CVE-2005-1710 | 1 Bluecoat | 1 Reporter | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat Reporter before 7.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the username in an Add User window or (2) the license key (volatile.license_to_add parameter) in the Licensing page. | |||||
| CVE-2005-1725 | 1 Apple | 1 Mac Os X Server | 2016-10-17 | 2.1 LOW | N/A |
| launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory. | |||||
| CVE-2005-1732 | 1 Metro Marketing | 1 Cookie Cart | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cookie Cart allows remote attackers to read the Order Notification list via the testmycgi and path parameters to testmy.cgi. | |||||
| CVE-2005-1733 | 1 Metro Marketing | 1 Cookie Cart | 2016-10-17 | 5.0 MEDIUM | N/A |
| Cookie Cart stores the password file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and encrypted passwords via a direct request to passwd.txt. | |||||
| CVE-2005-1752 | 1 Gforge | 1 Gforge | 2016-10-17 | 6.4 MEDIUM | N/A |
| viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. | |||||
| CVE-2005-1753 | 1 Sun | 1 Javamail | 2016-10-17 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products." | |||||
| CVE-2005-1754 | 2 Apache Tomcat, Sun | 2 Apache Tomcat, Javamail | 2016-10-17 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products." | |||||