Total
29527 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1452 | 1 S9y | 1 Serendipity | 2008-09-05 | 10.0 HIGH | N/A |
| Serendipity before 0.8 allows Chief users to "hide plugins installed by other users." | |||||
| CVE-2005-1648 | 1 Gurgens | 1 Gurgens Ultimate Forum | 2008-09-05 | 7.5 HIGH | N/A |
| Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database file under the web document root with insufficient access control, which allows remote attackers to obtain and decrypt usernames and passwords. | |||||
| CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | |||||
| CVE-2005-1677 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects. | |||||
| CVE-2005-1399 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | |||||
| CVE-2005-1652 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 7.5 HIGH | N/A |
| message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to bypass authentication by modifying the email parameter. | |||||
| CVE-2005-1711 | 3 Clam Anti-virus, Gibraltar, Squid | 3 Clamav, Gibraltar Firewall, Squid | 2008-09-05 | 7.5 HIGH | N/A |
| Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected. | |||||
| CVE-2005-1443 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. | |||||
| CVE-2005-1433 | 1 Hp | 1 Openview Event Correlation Services | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-1423 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter. | |||||
| CVE-2005-1575 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160. | |||||
| CVE-2005-1595 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 5.0 MEDIUM | N/A |
| CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. | |||||
| CVE-2005-1632 | 1 Tavis Rudd | 1 Cheetah | 2008-09-05 | 7.2 HIGH | N/A |
| Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/. | |||||
| CVE-2005-1403 | 1 Just Williams | 1 Amazon Webstore | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. | |||||
| CVE-2005-1400 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | |||||
| CVE-2005-1638 | 1 Pixel-apes Group | 1 Safehtml | 2008-09-05 | 4.3 MEDIUM | N/A |
| The _writeAttrs function in SafeHTML before 1.3.2 does not properly handle quotes in attribute values, which could allow remote attackers to exploit cross-site scripting (XSS) vulnerabilities in applications that rely on SafeHTML for protection. | |||||
| CVE-2005-1653 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1658 | 1 Myserver | 1 Myserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a "..." (triple dot). | |||||
| CVE-2005-1651 | 1 Woppoware | 1 Postmaster | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the wmm parameter. | |||||