Total
304758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1593 | 1 Codethat | 1 Shoppingcart | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2005-1404 | 1 Myphp Forum | 1 Myphp Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php. | |||||
| CVE-2005-1590 | 1 Altiris | 2 Client Service, Deployment Solution | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection, disabling the "Hide client tray icon box" option, then opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2004-2070. | |||||
| CVE-2005-1727 | 1 Apple | 1 Mac Os X Server | 2008-09-05 | 3.7 LOW | N/A |
| Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and group-writable permissions for the (1) system cache folder and (2) Dashboard system widgets, which allows local users to conduct unauthorized file operations via "file race conditions." | |||||
| CVE-2005-1473 | 1 Apple | 1 Mac Os X | 2008-09-05 | 4.6 MEDIUM | N/A |
| SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical access to bypass the locked screensaver and launch background applications by opening a URL from a text input field. | |||||
| CVE-2005-1678 | 1 Groove | 2 Groove Workspace, Virtual Office | 2008-09-05 | 2.6 LOW | N/A |
| Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 does not properly display file extensions on attached or embedded files in a compound document, which may allow remote attackers to trick users into executing malicious code. | |||||
| CVE-2005-1570 | 1 Battleaxe Software | 1 Bttlxeforum | 2008-09-05 | 5.0 MEDIUM | N/A |
| forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability. | |||||
| CVE-2005-1419 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | |||||
| CVE-2005-1438 | 1 Osticket | 1 Osticket | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter. | |||||
| CVE-2005-1402 | 1 Mtp-target | 1 Mtp-target | 2008-09-05 | 5.0 MEDIUM | N/A |
| Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison. | |||||
| CVE-2005-1440 | 1 Codetosell | 1 Viart Shop Enterprise | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php. | |||||
| CVE-2005-1448 | 1 S9y | 1 Serendipity | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1625 | 1 Adobe | 1 Acrobat Reader | 2008-09-05 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. | |||||
| CVE-2005-1581 | 1 Eric Fichot | 1 Bug Report | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php. | |||||
| CVE-2005-1447 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter. | |||||
| CVE-2005-1629 | 1 Photopost | 1 Photopost Php Pro | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter. | |||||
| CVE-2005-1720 | 1 Apple | 1 Afp Server | 2008-09-05 | 2.1 LOW | N/A |
| AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL. | |||||
| CVE-2005-1719 | 1 Alwil | 1 Avast Antivirus | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and earlier, when running on Windows NT 4.0, does not properly detect certain viruses. | |||||
| CVE-2005-1450 | 1 S9y | 1 Serendipity | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact. | |||||
| CVE-2005-1657 | 1 Mercur | 1 Mercur Messaging | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities in Mercur Messaging 2005 SP2 allow remote attackers to perform unauthorized file operations via the Folder.Id parameter to (1) deletefolder.ctml, (2) deletemessage.ctml, (3) origmessage.ctml, or (4) readmessage.ctml, the Message.Id parameter to editmessage.ctml, or the (5) Message.Command parameter to messages.ctml. | |||||