|
270371
|
- |
|
gianluca_baldo
|
phpauction
|
PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID.
|
NVD-CWE-Other
|
CVE-2005-2252
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270372
|
- |
|
gianluca_baldo
|
phpauction
|
SQL injection vulnerability in PhpAuction 2.5 allow remote attackers to modify SQL queries via the category parameter to adsearch.php. NOTE: there is evidence that viewnews.php may not be part of the…
|
NVD-CWE-Other
|
CVE-2005-2253
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270373
|
- |
|
gianluca_baldo
|
phpauction
|
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan param…
|
NVD-CWE-Other
|
CVE-2005-2255
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270374
|
- |
|
phppgadmin
|
phppgadmin
|
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
|
NVD-CWE-Other
|
CVE-2005-2256
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270375
|
- |
|
squitosoft
|
squito_gallery
|
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
|
NVD-CWE-Other
|
CVE-2005-2258
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270376
|
- |
|
usanet_creations
|
domain_name_auction
makebid_auction_deluxe
makebid_auction_standard
makebid_reverse_auction
standard_classified_ads
usanet_shopping_mall
|
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Soft…
|
NVD-CWE-Other
|
CVE-2005-2259
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270377
|
- |
|
alexander_clauss
|
icab
|
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing att…
|
NVD-CWE-Other
|
CVE-2005-2271
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270378
|
- |
|
esi_products
|
webeoc
|
Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-2282
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270379
|
- |
|
esi_products
|
webeoc
|
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a larg…
|
NVD-CWE-Other
|
CVE-2005-2283
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
270380
|
- |
|
esi_products
|
webeoc
|
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2005-2284
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
