Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2005-0694 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-17 | 5.0 MEDIUM | N/A |
Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under the web root, which allows remote attackers to obtain sensitive information via a direct request to HCDiskQuotaService.csv. | |||||
CVE-2005-0695 | 1 Hosting Controller | 1 Hosting Controller | 2016-10-17 | 5.0 MEDIUM | N/A |
The password recovery feature (forgotpassword.asp) in Hosting Controller 6.1 Hotfix 1.7 and earlier allows remote attackers to determine the owner's e-mail address by providing a portion of the domain name to the "login ID" field. | |||||
CVE-2005-0701 | 1 Oracle | 1 Database Server | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename. | |||||
CVE-2005-0721 | 1 Gamearena | 1 Experience2 | 2016-10-17 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code. | |||||
CVE-2005-0493 | 1 Seth M. Knorr | 1 Biz Mail Form | 2016-10-17 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | |||||
CVE-2005-0506 | 1 Avaya | 2 Ip Office Phone Manager, Ip Soft Phone | 2016-10-17 | 5.0 MEDIUM | N/A |
The Avaya IP Office Phone Manager, and other products such as the IP Softphone, stores sensitive data in cleartext in a registry key, which allows local and possibly remote users to steal usernames and passwords and impersonate other users via keys such as Avaya\IP400\Generic. | |||||
CVE-2005-0507 | 1 Gd Software | 1 Sd Server | 2016-10-17 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. | |||||
CVE-2005-0509 | 2 Microsoft, Mono | 2 .net Framework, Mono | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | |||||
CVE-2005-0513 | 1 Pmachine | 1 Pmachine Pro | 2016-10-17 | 7.5 HIGH | N/A |
PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086. | |||||
CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2016-10-17 | 7.5 HIGH | N/A |
The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | |||||
CVE-2005-0526 | 1 Pblang | 1 Pblang | 2016-10-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php. | |||||
CVE-2005-0532 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 2.1 LOW | N/A |
The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. | |||||
CVE-2005-0537 | 1 Igeneric | 1 Free Shopping Cart | 2016-10-17 | 7.5 HIGH | N/A |
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters. | |||||
CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 5.0 MEDIUM | N/A |
Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | |||||
CVE-2005-0541 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 7.5 HIGH | N/A |
consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter. | |||||
CVE-2005-0542 | 1 Cyclades | 1 Alterpath Manager | 2016-10-17 | 4.6 MEDIUM | N/A |
saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true. | |||||
CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | |||||
CVE-2005-0549 | 1 Sun | 1 Solaris Answerbook2 | 2016-10-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function. | |||||
CVE-2005-0568 | 1 Raven Software | 1 Soldier Of Fortune 2 | 2016-10-17 | 5.0 MEDIUM | N/A |
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. |