Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1064 | 1 Rsnapshot | 1 Filesystem Snapshot Utility | 2016-10-17 | 4.6 MEDIUM | N/A |
| The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary files. | |||||
| CVE-2005-1071 | 1 Jportal | 1 Jportal Web Portal | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. | |||||
| CVE-2005-1077 | 1 Xampp | 1 Apache Distribution | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. | |||||
| CVE-2005-1078 | 1 Xampp | 1 Apache Distribution | 2016-10-17 | 7.5 HIGH | N/A |
| XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. | |||||
| CVE-2005-1079 | 1 Mike De Boer | 1 Zoom Media Gallery | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. | |||||
| CVE-2005-1102 | 1 Wordpress | 1 Wordpress | 2016-10-17 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post. | |||||
| CVE-2005-1103 | 1 Sygate Technologies | 1 Security Agent | 2016-10-17 | 4.6 MEDIUM | N/A |
| Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through 4.1 does not prevent the security policy from being updated by unprivileged users, which allows local users to modify the policy by exporting the policy file, changing it, and importing it back into SSA. | |||||
| CVE-2005-1104 | 1 Centra | 1 Centra | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields. | |||||
| CVE-2005-1105 | 1 Sun | 1 Javamail | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in the Content-Disposition header. | |||||
| CVE-2005-1106 | 1 Apple | 1 Quicktime Pictureviewer | 2016-10-17 | 5.0 MEDIUM | N/A |
| PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow. | |||||
| CVE-2005-1115 | 2 Phpbb Group, Smartor | 2 Phpbb, Photo Album | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php. | |||||
| CVE-2005-1116 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php. | |||||
| CVE-2005-1117 | 1 All4www | 1 All4www-homepagecreator | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-1133 | 1 Ibm | 1 Iseries As 400 | 2016-10-17 | 5.0 MEDIUM | N/A |
| The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server. | |||||
| CVE-2005-1135 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-1136 | 1 Sphpblog | 1 Sphpblog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files. | |||||
| CVE-2005-1137 | 1 Alexander Palmo | 1 Simple Php Blog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message. | |||||
| CVE-2005-1141 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-17 | 7.5 HIGH | N/A |
| Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when using the netpbm library, allows remote attackers to execute arbitrary code via a PNM file with large width and height values, which leads to a heap-based buffer overflow. | |||||
| CVE-2005-1142 | 1 Gocr | 1 Optical Character Recognition Utility | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the readpgm function in pnm.c for GOCR 0.40, when it is not using netpbm, allows remote attackers to execute arbitrary code via a P3 format PNM file with more data than implied by its width and height values. | |||||
| CVE-2005-1166 | 1 Dameware Development | 2 Dameware Nt Utilities, Miniremote Control | 2016-10-17 | 2.1 LOW | N/A |
| The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information. | |||||