260151
|
4.3 |
MEDIUM
|
aquifer_cms
|
aquifer_cms
|
Cross-site scripting (XSS) vulnerability in Public/Index.asp in Aquifer CMS allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.
|
NVD-CWE-Other
|
CVE-2006-0122
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260152
|
4.3 |
MEDIUM
|
aquifer_cms
|
aquifer_cms
|
Vendor provided solution:
"Liquid Development has identified this vulnerability in all shipping versions of AquiferCMS and coded a software fix. The fix will be included in all releases of Aquifer…
|
NVD-CWE-Other
|
CVE-2006-0122
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260153
|
5.0 |
MEDIUM
|
appserv_open_project
|
appserv
|
Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows remote attackers to include arbitrary files via the appserv_root parameter. NOTE: the provenance of this information is unknown;…
|
NVD-CWE-Other
|
CVE-2006-0125
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260154
|
4.6 |
MEDIUM
|
rxvt-unicode
|
rxvt-unicode
|
rxvt-unicode before 6.3, on certain platforms that use openpty and non-Unix pty devices such as Linux and most BSD platforms, does not maintain the intended permissions of tty devices, which allows l…
|
NVD-CWE-Other
|
CVE-2006-0126
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260155
|
4.0 |
MEDIUM
|
rockliffe
|
mailsite
|
Directory traversal vulnerability in the IMAP service of Rockliffe MailSite before 6.1.22.1 allows remote authenticated users to rename the folders of other users via a .. (dot dot) in the RENAME com…
|
NVD-CWE-Other
|
CVE-2006-0127
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260156
|
5.0 |
MEDIUM
|
rockliffe
|
mailsite
|
Mail Management Agent (MAILMA) (aka Mail Management Server) in Rockliffe MailSite 7.0.3.1 and earlier generates different responses depending on whether or not a username is valid, which allows remot…
|
NVD-CWE-Other
|
CVE-2006-0129
|
2011-03-8 11:29 |
2006-01-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260157
|
7.5 |
HIGH
|
cyberdoc
|
sitesuite_cms
|
SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
NVD-CWE-Other
|
CVE-2006-0158
|
2011-03-8 11:29 |
2006-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260158
|
5.0 |
MEDIUM
|
php-nuke
|
news_module pool_module
|
Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an I…
|
NVD-CWE-Other
|
CVE-2006-0185
|
2011-03-8 11:29 |
2006-01-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260159
|
5.0 |
MEDIUM
|
paypal
|
php_toolkit
|
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST …
|
NVD-CWE-Other
|
CVE-2006-0201
|
2011-03-8 11:29 |
2006-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260160
|
3.6 |
LOW
|
paypal
|
php_toolkit
|
Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view …
|
NVD-CWE-Other
|
CVE-2006-0202
|
2011-03-8 11:29 |
2006-01-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260161
|
7.5 |
HIGH
|
pdfdirectory
|
pdfdirectory
|
Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (…
|
NVD-CWE-Other
|
CVE-2006-0313
|
2011-03-8 11:29 |
2006-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260162
|
7.5 |
HIGH
|
pdfdirectory
|
pdfdirectory
|
PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection…
|
NVD-CWE-Other
|
CVE-2006-0314
|
2011-03-8 11:29 |
2006-01-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260163
|
5.0 |
MEDIUM
|
sun
|
java_system_web_proxy_server
|
Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-4806
|
2011-03-8 11:29 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260164
|
10.0 |
HIGH
|
hp
|
http_server
|
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-4823
|
2011-03-8 11:29 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260165
|
4.3 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sens…
|
NVD-CWE-Other
|
CVE-2005-4833
|
2011-03-8 11:29 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260166
|
5.0 |
MEDIUM
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web co…
|
NVD-CWE-Other
|
CVE-2005-4834
|
2011-03-8 11:29 |
2005-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260167
|
7.8 |
HIGH
|
hitachi
|
groupmax_mail_smtp
|
Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through 07-20 allows remote attackers to cause a denial of service (service stop) via an e-mail message with an "invalid format."
|
NVD-CWE-Other
|
CVE-2005-4324
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260168
|
4.3 |
MEDIUM
|
university_of_arizona
|
webglimpse
|
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
NVD-CWE-Other
|
CVE-2005-4328
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260169
|
7.5 |
HIGH
|
php_arena
|
pafiledb
|
SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.
|
NVD-CWE-Other
|
CVE-2005-4329
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260170
|
7.5 |
HIGH
|
-
|
-
|
SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.
|
NVD-CWE-Other
|
CVE-2005-4330
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260171
|
7.5 |
HIGH
|
ihtml_merchant
|
ihtml_merchant
|
SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.
|
NVD-CWE-Other
|
CVE-2005-4331
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260172
|
4.3 |
MEDIUM
|
courseforum
|
projectforum
|
Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) o…
|
NVD-CWE-Other
|
CVE-2005-4336
|
2011-03-8 11:28 |
2005-12-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260173
|
7.5 |
HIGH
|
macromedia
|
coldfusion
|
ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to …
|
NVD-CWE-Other
|
CVE-2005-4342
|
2011-03-8 11:28 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260174
|
5.0 |
MEDIUM
|
macromedia
|
coldfusion
|
Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled b…
|
NVD-CWE-Other
|
CVE-2005-4343
|
2011-03-8 11:28 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260175
|
2.1 |
LOW
|
macromedia
|
coldfusion
|
Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuratio…
|
NVD-CWE-Other
|
CVE-2005-4344
|
2011-03-8 11:28 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260176
|
7.2 |
HIGH
|
macromedia
|
coldfusion
|
Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.
|
NVD-CWE-Other
|
CVE-2005-4345
|
2011-03-8 11:28 |
2005-12-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260177
|
7.8 |
HIGH
|
sun
|
wbem_services
|
Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 and A.02.x before A.02.00.08 on HP-UX B.11.00 through B.11.23 allows remote attackers to cause an unspecified denial of service via…
|
NVD-CWE-Other
|
CVE-2005-4350
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260178
|
7.5 |
HIGH
|
toenda_software_development
|
toendacms
|
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
NVD-CWE-Other
|
CVE-2005-4353
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260179
|
4.3 |
MEDIUM
|
-
|
-
|
Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
NVD-CWE-Other
|
CVE-2005-4354
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260180
|
4.3 |
MEDIUM
|
xmpie
|
ustore
|
Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter…
|
NVD-CWE-Other
|
CVE-2005-4355
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260181
|
7.5 |
HIGH
|
xmpie
|
ustore
|
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the…
|
NVD-CWE-Other
|
CVE-2005-4356
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260182
|
6.4 |
MEDIUM
|
oodie
|
odfaq
|
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
|
NVD-CWE-Other
|
CVE-2005-4359
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260183
|
4.3 |
MEDIUM
|
magnolia
|
content_management_suite
|
Cross-site scripting (XSS) vulnerability in search.html in Magnolia Content Management Suite 2.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
|
NVD-CWE-Other
|
CVE-2005-4361
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260184
|
5.0 |
MEDIUM
|
komodo
|
komodo_cms
|
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
|
NVD-CWE-Other
|
CVE-2005-4362
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260185
|
5.8 |
MEDIUM
|
komodo
|
komodo_cms
|
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
|
NVD-CWE-Other
|
CVE-2005-4363
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260186
|
5.8 |
MEDIUM
|
hot_banana
|
web_content_management_suite
|
Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
|
NVD-CWE-Other
|
CVE-2005-4364
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260187
|
4.3 |
MEDIUM
|
flip
|
flip
|
Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter in text.php and (2) frame parameter in …
|
NVD-CWE-Other
|
CVE-2005-4365
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260188
|
4.3 |
MEDIUM
|
the_collective
|
acuity_cms
|
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp.
|
NVD-CWE-Other
|
CVE-2005-4369
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260189
|
4.3 |
MEDIUM
|
liquid_bytes_technologies
|
adaptive_website_framework
|
Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter.
|
NVD-CWE-Other
|
CVE-2005-4372
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260190
|
4.3 |
MEDIUM
|
allinta
|
allinta
|
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery p…
|
NVD-CWE-Other
|
CVE-2005-4374
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260191
|
4.3 |
MEDIUM
|
box_uk
|
amaxus
|
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant …
|
NVD-CWE-Other
|
CVE-2005-4375
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260192
|
4.3 |
MEDIUM
|
nma
|
baseline_cms
|
Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters.
|
NVD-CWE-Other
|
CVE-2005-4377
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260193
|
7.5 |
HIGH
|
nma
|
baseline_cms
|
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter.
|
NVD-CWE-Other
|
CVE-2005-4378
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260194
|
4.3 |
MEDIUM
|
caravel_cms
|
caravel_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs p…
|
NVD-CWE-Other
|
CVE-2005-4381
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260195
|
4.3 |
MEDIUM
|
cofax
|
cofax
|
Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 RC3 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
|
NVD-CWE-Other
|
CVE-2005-4385
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260196
|
4.3 |
MEDIUM
|
contenite
|
contenite
|
Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter.
|
NVD-CWE-Other
|
CVE-2005-4387
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260197
|
4.3 |
MEDIUM
|
formicary_ltd.
|
epix
|
Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search query parameters.
|
NVD-CWE-Other
|
CVE-2005-4394
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260198
|
4.3 |
MEDIUM
|
farcry
|
farcry
|
Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter.
|
NVD-CWE-Other
|
CVE-2005-4395
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260199
|
5.0 |
MEDIUM
|
random_mouse_software
|
red_queen
|
redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to obtain the full server path via invalid (1) yellowpage_id, (2) skin_id, (3) supplier_id, and (4) module parameters, which leaks t…
|
NVD-CWE-Other
|
CVE-2005-4405
|
2011-03-8 11:28 |
2005-12-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
260200
|
4.3 |
MEDIUM
|
esselbach_internet_solutions
|
esselbach_storyteller_cms
|
Cross-site scripting (XSS) vulnerability in search.php in Esselbach Storyteller CMS 1.8 allows remote attackers to inject arbitrary web script or HTML via the query parameter, which is used by the Se…
|
NVD-CWE-Other
|
CVE-2005-4433
|
2011-03-8 11:28 |
2005-12-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|