244701
|
5.0 |
MEDIUM
|
banex
|
banex
|
Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database userna…
|
NVD-CWE-Other
|
CVE-2006-3965
|
2016-10-18 12:40 |
2006-08-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244702
|
10.0 |
HIGH
|
linux
|
linux_kernel
|
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON.
|
NVD-CWE-Other
|
CVE-2006-1523
|
2016-10-18 12:39 |
2006-04-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244703
|
7.5 |
HIGH
|
alt-n
|
mdaemon
|
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
|
NVD-CWE-Other
|
CVE-2006-2646
|
2016-10-18 12:39 |
2006-05-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244704
|
4.3 |
MEDIUM
|
open-xchange
|
open-xchange
|
Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachme…
|
NVD-CWE-Other
|
CVE-2006-0091
|
2016-10-18 12:38 |
2006-01-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244705
|
7.8 |
HIGH
|
motorola
|
motorola_cable_modem
|
Motorola SB5100E Cable Modem allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LA…
|
NVD-CWE-Other
|
CVE-2005-4215
|
2016-10-18 12:38 |
2005-12-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244706
|
6.5 |
MEDIUM
|
mailenable
|
mailenable_enterprise mailenable_professional
|
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
|
NVD-CWE-Other
|
CVE-2005-4402
|
2016-10-18 12:38 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244707
|
5.0 |
MEDIUM
|
extensis
|
netpublish_server
|
Directory traversal vulnerability in server.np in NetPublish Server 7 allows remote attackers to read arbitrary files via "../" sequences in the template parameter.
|
NVD-CWE-Other
|
CVE-2005-4510
|
2016-10-18 12:38 |
2005-12-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244708
|
4.3 |
MEDIUM
|
oracle
|
application_server_discussion_forum_portlet
|
Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parame…
|
NVD-CWE-Other
|
CVE-2005-4549
|
2016-10-18 12:38 |
2005-12-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244709
|
4.3 |
MEDIUM
|
simpbook
|
simpbook
|
Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to inde…
|
NVD-CWE-Other
|
CVE-2005-4551
|
2016-10-18 12:38 |
2005-12-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244710
|
4.6 |
MEDIUM
|
flexbackup
|
flexbackup
|
Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files. NOTE: the raw source referenced an incorrect candidate number; this is th…
|
NVD-CWE-Other
|
CVE-2005-4802
|
2016-10-18 12:38 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244711
|
7.5 |
HIGH
|
hitachi
|
ip5000_voip_wifi_phone
|
Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to disable access to (1) SNMP or (2) TCP port 3390, which allows remote attackers to modify configuration using CVE-2005-3722, or access t…
|
NVD-CWE-Other
|
CVE-2005-3723
|
2016-10-18 12:37 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244712
|
6.4 |
MEDIUM
|
zyxel
|
prestige_2000w_v.1voip_wi-fi_phone
|
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or…
|
NVD-CWE-Other
|
CVE-2005-3725
|
2016-10-18 12:37 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244713
|
7.5 |
HIGH
|
pollvote
|
pollvote
|
PHP remote file inclusion vulnerability in pollvote.php in PollVote allows remote attackers to include arbitrary files via a URL in the pollname parameter.
|
CWE-94
コード・インジェクション
|
CVE-2005-3775
|
2016-10-18 12:37 |
2005-11-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244714
|
4.3 |
MEDIUM
|
mybulletinboard
|
mybulletinboard
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a n…
|
NVD-CWE-Other
|
CVE-2005-3776
|
2016-10-18 12:37 |
2005-11-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244715
|
5.0 |
MEDIUM
|
mybulletinboard
|
mybulletinboard
|
MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.
|
NVD-CWE-Other
|
CVE-2005-3777
|
2016-10-18 12:37 |
2005-11-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244716
|
5.0 |
MEDIUM
|
phpwcms
|
phpwcms
|
Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir paramete…
|
NVD-CWE-Other
|
CVE-2005-3789
|
2016-10-18 12:37 |
2005-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244717
|
4.3 |
MEDIUM
|
-
|
-
|
Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.
|
NVD-CWE-Other
|
CVE-2005-3790
|
2016-10-18 12:37 |
2005-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244718
|
5.0 |
MEDIUM
|
phpadsnew phppgads
|
phpadsnew phppgads
|
HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.
|
NVD-CWE-Other
|
CVE-2005-3791
|
2016-10-18 12:37 |
2005-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244719
|
5.0 |
MEDIUM
|
phpbb_group
|
phpbb
|
phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.
|
NVD-CWE-Other
|
CVE-2005-3799
|
2016-10-18 12:37 |
2005-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244720
|
4.6 |
MEDIUM
|
counterpane
|
passwordsafe
|
CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF) fu…
|
NVD-CWE-Other
|
CVE-2005-3801
|
2016-10-18 12:37 |
2005-11-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244721
|
7.8 |
HIGH
|
linux
|
linux_kernel
|
The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without pri…
|
NVD-CWE-Other
|
CVE-2005-3809
|
2016-10-18 12:37 |
2005-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244722
|
7.8 |
HIGH
|
linux
|
linux_kernel
|
ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which lea…
|
NVD-CWE-Other
|
CVE-2005-3810
|
2016-10-18 12:37 |
2005-11-26 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244723
|
5.0 |
MEDIUM
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
|
NVD-CWE-Other
|
CVE-2005-3892
|
2016-10-18 12:37 |
2005-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244724
|
7.8 |
HIGH
|
mozilla
|
mozilla
|
Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function.
|
NVD-CWE-Other
|
CVE-2005-3896
|
2016-10-18 12:37 |
2005-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244725
|
7.8 |
HIGH
|
apple
|
safari
|
Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function.
|
NVD-CWE-Other
|
CVE-2005-3897
|
2016-10-18 12:37 |
2005-11-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244726
|
6.8 |
MEDIUM
|
phorum
|
phorum
|
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
|
CWE-89
SQLインジェクション
|
CVE-2005-3543
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244727
|
5.0 |
MEDIUM
|
codegrrl
|
phpcalendar phpclique phpcurrently phpfanbase phpquotes
|
PHP file inclusion vulnerability in protection.php in CodeGrrl (a) PHPCalendar 1.0, (b) PHPClique 1.0, (c) PHPCurrently 2.0, (d) PHPFanBase 2.1, and (e) PHPQuotes 1.0 allows remote attackers to inclu…
|
CWE-94
コード・インジェクション
|
CVE-2005-3571
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244728
|
7.8 |
HIGH
|
sun
|
jre sdk
|
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unrespo…
|
NVD-CWE-Other
|
CVE-2005-3583
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244729
|
4.3 |
MEDIUM
|
phpwebthings
|
phpwebthings
|
Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter.
|
NVD-CWE-Other
|
CVE-2005-3584
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244730
|
5.0 |
MEDIUM
|
cutephp
|
cutenews
|
index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot s…
|
NVD-CWE-Other
|
CVE-2005-3592
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244731
|
5.0 |
MEDIUM
|
e107
|
e107
|
game_score.php in e107 allows remote attackers to insert high scores via HTTP POST methods utilizing the $player_name, $player_score, and $game_name variables.
|
NVD-CWE-Other
|
CVE-2005-3594
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244732
|
5.0 |
MEDIUM
|
phpmyadmin
|
phpmyadmin
|
phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain the full path of the server via direct requests to multiple scripts in the libraries directory.
|
NVD-CWE-Other
|
CVE-2005-3622
|
2016-10-18 12:36 |
2005-11-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244733
|
2.6 |
LOW
|
moodle
|
moodle
|
jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users to other sites via the jump parameter.
|
NVD-CWE-Other
|
CVE-2005-3649
|
2016-10-18 12:36 |
2005-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244734
|
7.5 |
HIGH
|
realnetworks
|
realplayer
|
Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is …
|
NVD-CWE-Other
|
CVE-2005-3677
|
2016-10-18 12:36 |
2005-11-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244735
|
7.5 |
HIGH
|
activecampaign
|
1-2-all_broadcast_email
|
SQL injection vulnerability in admin/index.php in ActiveCampaign 1-2-All Broadcast Email allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username field in …
|
NVD-CWE-Other
|
CVE-2005-3679
|
2016-10-18 12:36 |
2005-11-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244736
|
6.4 |
MEDIUM
|
xoops
|
xoops
|
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
|
NVD-CWE-Other
|
CVE-2005-3680
|
2016-10-18 12:36 |
2005-11-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244737
|
7.5 |
HIGH
|
xoops
|
wf-downloads
|
SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.
|
NVD-CWE-Other
|
CVE-2005-3681
|
2016-10-18 12:36 |
2005-11-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244738
|
4.6 |
MEDIUM
|
hitachi
|
ip5000_voip_wifi_phone
|
Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuratio…
|
NVD-CWE-Other
|
CVE-2005-3719
|
2016-10-18 12:36 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244739
|
5.0 |
MEDIUM
|
hitachi
|
ip5000_voip_wifi_phone
|
The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 lists sensitive information such as software versions.
|
NVD-CWE-Other
|
CVE-2005-3720
|
2016-10-18 12:36 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244740
|
5.0 |
MEDIUM
|
hitachi
|
ip5000_voip_wifi_phone
|
The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configu…
|
NVD-CWE-Other
|
CVE-2005-3721
|
2016-10-18 12:36 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244741
|
7.5 |
HIGH
|
hitachi
|
ip5000_voip_wifi_phone
|
The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials.
|
NVD-CWE-Other
|
CVE-2005-3722
|
2016-10-18 12:36 |
2005-11-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244742
|
5.0 |
MEDIUM
|
ukranian_national_antivirus
|
una
|
Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic…
|
NVD-CWE-Other
|
CVE-2005-3381
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244743
|
5.0 |
MEDIUM
|
sophos
|
sophos_anti-virus
|
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is no…
|
NVD-CWE-Other
|
CVE-2005-3382
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244744
|
7.5 |
HIGH
|
-
|
-
|
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
|
NVD-CWE-Other
|
CVE-2005-3383
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244745
|
7.5 |
HIGH
|
techno_dreams
|
techno_dreams_guest_book
|
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
|
NVD-CWE-Other
|
CVE-2005-3384
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244746
|
7.5 |
HIGH
|
techno_dreams
|
mailing_list
|
SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
|
NVD-CWE-Other
|
CVE-2005-3385
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244747
|
7.5 |
HIGH
|
techno_dreams
|
web_directory
|
SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
|
NVD-CWE-Other
|
CVE-2005-3386
|
2016-10-18 12:35 |
2005-10-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244748
|
5.0 |
MEDIUM
|
cat
|
quick_heal
|
Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated…
|
NVD-CWE-Other
|
CVE-2005-3399
|
2016-10-18 12:35 |
2005-11-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244749
|
5.0 |
MEDIUM
|
fortinet
|
fortinet
|
Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated…
|
NVD-CWE-Other
|
CVE-2005-3400
|
2016-10-18 12:35 |
2005-11-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244750
|
5.0 |
MEDIUM
|
thehacker
|
thehacker
|
Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associat…
|
NVD-CWE-Other
|
CVE-2005-3401
|
2016-10-18 12:35 |
2005-11-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|