273701
|
5.0 |
MEDIUM
|
xampp
|
apache_distribution
|
Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.
|
NVD-CWE-Other
|
CVE-2005-2043
|
2008-09-6 05:50 |
2005-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273702
|
4.3 |
MEDIUM
|
adaptive_technology_resource_centre
|
atutor
|
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) sub…
|
NVD-CWE-Other
|
CVE-2005-2044
|
2008-09-6 05:50 |
2005-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273703
|
5.1 |
MEDIUM
|
realnetworks
|
realone_player realplayer
|
Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafte…
|
NVD-CWE-Other
|
CVE-2005-2054
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273704
|
5.0 |
MEDIUM
|
realnetworks
|
realone_player realplayer
|
RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settin…
|
NVD-CWE-Other
|
CVE-2005-2055
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273705
|
5.0 |
MEDIUM
|
freebsd
|
freebsd
|
FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session.
|
NVD-CWE-Other
|
CVE-2005-2068
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273706
|
5.0 |
MEDIUM
|
sendmail
|
sendmail
|
The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevent…
|
NVD-CWE-Other
|
CVE-2005-2070
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273707
|
2.1 |
LOW
|
ibm
|
db2
|
Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents.
|
NVD-CWE-Other
|
CVE-2005-2073
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273708
|
2.1 |
LOW
|
sofotex
|
bisonftp
|
BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
|
NVD-CWE-Other
|
CVE-2005-2078
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273709
|
7.5 |
HIGH
|
symantec_veritas
|
backup_exec
|
Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2005-2079
|
2008-09-6 05:50 |
2005-08-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273710
|
7.5 |
HIGH
|
symantec_veritas
|
backup_exec
|
Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privile…
|
NVD-CWE-Other
|
CVE-2005-2080
|
2008-09-6 05:50 |
2005-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273711
|
5.0 |
MEDIUM
|
kde
|
kde
|
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files.
|
NVD-CWE-Other
|
CVE-2005-2101
|
2008-09-6 05:50 |
2005-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273712
|
7.5 |
HIGH
|
etoshop
|
dynamic_biz_website_builder_quickweb
|
SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
|
NVD-CWE-Other
|
CVE-2005-2135
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273713
|
5.0 |
MEDIUM
|
nateon
|
nateon_messenger
|
Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2005-2137
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273714
|
4.3 |
MEDIUM
|
comdev
|
comdev_ecommerce
|
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" …
|
NVD-CWE-Other
|
CVE-2005-2138
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273715
|
5.0 |
MEDIUM
|
fsboard
|
fsboard
|
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
|
NVD-CWE-Other
|
CVE-2005-2140
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273716
|
5.0 |
MEDIUM
|
jollybox.de
|
tcp_chat
|
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.
|
NVD-CWE-Other
|
CVE-2005-2141
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273717
|
2.1 |
LOW
|
kmint21_software
|
golden_ftp_server
|
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
|
NVD-CWE-Other
|
CVE-2005-2142
|
2008-09-6 05:50 |
2005-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273718
|
4.3 |
MEDIUM
|
survivor
|
survivor
|
Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-1388
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273719
|
4.6 |
MEDIUM
|
freebsd
|
freebsd
|
FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is con…
|
NVD-CWE-Other
|
CVE-2005-1399
|
2008-09-6 05:49 |
2005-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273720
|
4.6 |
MEDIUM
|
freebsd
|
freebsd
|
The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.
|
NVD-CWE-Other
|
CVE-2005-1400
|
2008-09-6 05:49 |
2005-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273721
|
7.5 |
HIGH
|
mtp-target
|
mtp-target
|
Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.
|
NVD-CWE-Other
|
CVE-2005-1401
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273722
|
5.0 |
MEDIUM
|
mtp-target
|
mtp-target
|
Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memo…
|
NVD-CWE-Other
|
CVE-2005-1402
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273723
|
6.8 |
MEDIUM
|
-
|
-
|
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php,…
|
NVD-CWE-Other
|
CVE-2005-1403
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273724
|
5.0 |
MEDIUM
|
myphp_forum
|
myphp_forum
|
MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.
|
NVD-CWE-Other
|
CVE-2005-1404
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273725
|
4.6 |
MEDIUM
|
skype_technologies
|
skype
|
Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.
|
NVD-CWE-Other
|
CVE-2005-1407
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273726
|
7.5 |
HIGH
|
ecomm
|
professional_guestbook
|
SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.
|
NVD-CWE-Other
|
CVE-2005-1412
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273727
|
10.0 |
HIGH
|
globalscape
|
secure_ftp_server
|
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
|
NVD-CWE-Other
|
CVE-2005-1415
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273728
|
7.5 |
HIGH
|
maxwebportal
|
maxwebportal
|
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.…
|
NVD-CWE-Other
|
CVE-2005-1417
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273729
|
7.5 |
HIGH
|
maxwebportal
|
maxwebportal
|
The vulnerabilities have been partially fixed in versions 1.3.5 and 2.0. The remaining vulnerabilities will reportedly be fixed in the upcoming 2.1 version.
|
NVD-CWE-Other
|
CVE-2005-1417
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273730
|
7.5 |
HIGH
|
ocean12_technologies
|
mailing_list_manager
|
SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter.
|
NVD-CWE-Other
|
CVE-2005-1419
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273731
|
5.0 |
MEDIUM
|
raysoft
|
video_cam_server
|
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space).
|
NVD-CWE-Other
|
CVE-2005-1420
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273732
|
5.0 |
MEDIUM
|
raysoft
|
video_cam_server
|
Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.
|
NVD-CWE-Other
|
CVE-2005-1421
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273733
|
7.5 |
HIGH
|
-
|
-
|
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html.
|
NVD-CWE-Other
|
CVE-2005-1422
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273734
|
6.4 |
MEDIUM
|
software602
|
602lan_suite
|
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequence…
|
NVD-CWE-Other
|
CVE-2005-1423
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273735
|
7.5 |
HIGH
|
abczone.it
|
wwwguestbook
|
SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.
|
NVD-CWE-Other
|
CVE-2005-1429
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273736
|
4.6 |
MEDIUM
|
hp
|
openview_event_correlation_services
|
Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2005-1433
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273737
|
7.5 |
HIGH
|
hp
|
openview_network_node_manager
|
Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2005-1434
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273738
|
7.5 |
HIGH
|
open_webmail
|
open_webmail
|
Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.
|
NVD-CWE-Other
|
CVE-2005-1435
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273739
|
7.5 |
HIGH
|
osticket
|
osticket
|
Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.
|
NVD-CWE-Other
|
CVE-2005-1437
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273740
|
7.5 |
HIGH
|
osticket
|
osticket
|
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.
|
NVD-CWE-Other
|
CVE-2005-1438
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273741
|
7.5 |
HIGH
|
osticket
|
osticket
|
Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via .. sequences in the file parameter.
|
NVD-CWE-Other
|
CVE-2005-1439
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273742
|
6.8 |
MEDIUM
|
codetosell
|
viart_shop_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nick…
|
NVD-CWE-Other
|
CVE-2005-1440
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273743
|
6.8 |
MEDIUM
|
-
|
-
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (…
|
NVD-CWE-Other
|
CVE-2005-1443
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273744
|
6.8 |
MEDIUM
|
sitepanel
|
sitepanel
|
Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name paramet…
|
NVD-CWE-Other
|
CVE-2005-1444
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273745
|
6.4 |
MEDIUM
|
sitepanel
|
sitepanel
|
Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (…
|
NVD-CWE-Other
|
CVE-2005-1445
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273746
|
7.5 |
HIGH
|
sitepanel
|
sitepanel
|
SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.
|
NVD-CWE-Other
|
CVE-2005-1446
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273747
|
7.5 |
HIGH
|
sitepanel
|
sitepanel
|
PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter.
|
NVD-CWE-Other
|
CVE-2005-1447
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273748
|
6.8 |
MEDIUM
|
s9y
|
serendipity
|
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-1448
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273749
|
10.0 |
HIGH
|
s9y
|
serendipity
|
Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.
|
NVD-CWE-Other
|
CVE-2005-1449
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
273750
|
7.5 |
HIGH
|
s9y
|
serendipity
|
Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.
|
NVD-CWE-Other
|
CVE-2005-1450
|
2008-09-6 05:49 |
2005-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|