Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4477 | 1 Papaya | 1 Papaya Cms | 2008-09-20 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter. | |||||
| CVE-2005-4598 | 1 Ooapp | 1 Ooapp Guestbook | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | |||||
| CVE-2005-4430 | 1 Logicnow | 1 Logicbill | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php. | |||||
| CVE-2005-4303 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php for ezDatabase 2.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the db_id parameter. | |||||
| CVE-2005-4308 | 1 Scriptscenter | 1 Ezupload Pro | 2008-09-20 | 7.5 HIGH | N/A |
| index.php in ezUpload Pro 2.2 and earlier allows remote attackers to include files via the mode parameter. | |||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 5.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | |||||
| CVE-2005-4366 | 1 Fad Solutions | 1 Drzes Hms | 2008-09-20 | 6.4 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137. | |||||
| CVE-2005-4304 | 1 Indexcor | 1 Ezdatabase | 2008-09-20 | 5.0 MEDIUM | N/A |
| index.php in ezDatabase 2.1.2 and earlier allows remote attackers to obtain sensitive information via an invalid cat_id parameter, which leaks the full pathname in an error message. NOTE: these details are uncertain because the original report has terminology problems and lack of relevant details. The description is based partially on feedback comments. | |||||
| CVE-2005-4333 | 1 Binary-concepts | 1 Binary Board System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl. | |||||
| CVE-2005-4240 | 1 Vcd-db | 1 Vcd-db | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. | |||||
| CVE-2005-4230 | 1 Php Web Scripts | 1 Link Up Gold | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in poll.php in Link Up Gold 2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the number parameter. | |||||
| CVE-2005-4289 | 1 Edatcat | 1 Edatcat Shopping Cart System | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 allows remote attackers to inject arbitrary web script or HTML via the user_action parameter. | |||||
| CVE-2005-4205 | 1 Locazo | 1 Locazolist Classifieds | 2008-09-20 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. | |||||
| CVE-2005-4233 | 1 Php Web Scripts | 1 Ad Manager Pro | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in advertiser_statistic.php in Ad Manager Pro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ad_number parameter. | |||||
| CVE-2005-4335 | 1 Courseforum | 1 Projectforum | 2008-09-20 | 7.8 HIGH | N/A |
| ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html. | |||||
| CVE-2005-4017 | 1 Widget Press | 1 Widget Property | 2008-09-20 | 5.0 MEDIUM | N/A |
| property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message. | |||||
| CVE-2005-4008 | 1 Jax Calendar | 1 Jax Calendar | 2008-09-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameters. | |||||
| CVE-2005-4003 | 1 Asps | 1 Shopping Cart | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter to adv_search.asp and (2) b_search parameter to bsearch.asp. NOTE: the original disclosure was specifically only for an XSS issue, but the CVE description was for SQL injection. Since the original disclosure, SQL injection vectors have been reported. This CVE might be REJECTed or significantly altered pending additional information. | |||||
| CVE-2005-4009 | 1 Php Lite | 1 Calendar Express | 2008-09-20 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php. | |||||
| CVE-2007-0448 | 1 Php | 1 Php | 2008-09-11 | 10.0 HIGH | N/A |
| The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI. | |||||