CVE Daily
← All years

Uncategorized 2005

Page 7/38.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2005-12-11
High

CVE-2005-4152

Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-4153

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different v…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-4154

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or…

CVSS: 5.1CWE: N/A
Read more
High

CVE-2005-4155

registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to execute arbitrary SQL commands via an e-mail address that ends in a NULL character, which bypasses the PHP regular expression check. NO…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2005-4156

Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), with magic_quotes_gpc disabled, allows remote attackers to read arbitrary files and possibly cause a denial of service via a query…

CVSS: 9.4CWE: N/A
Read more
High

CVE-2005-4157

Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 allows remote attackers to authenticate to the service using an account that has been disabled.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script t…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2005-3532

authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through 0.52.1, when using pam_tally, does not call the pam_acct_mgmt function to verify that access should be granted, which allows att…

CVSS: 7.5CWE: N/A
Read more
2005-12-10
Low

CVE-2005-4151

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local users to…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2005-4150

Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4149

Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL querie…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4146

Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4147

The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2005-4148

Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4145

The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID)…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2005-4142

The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands v…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3651

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrar…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4144

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCI…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4143

SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.

CVSS: 7.5CWE: N/A
Read more
2005-12-09
Medium

CVE-2005-4138

Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofil…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2005-4133

Sun Update Connection in Sun Solaris 10, when configured to use a web proxy, allows local users to obtain the proxy authentication password via (1) an unspecified vector and (2) proxy log files.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2005-4140

SQL injection vulnerability in admin/login/index.php in Website Baker 2.6.0 allows remote attackers to execute arbitrary SQL commands via the username parameter, as used by the user field.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4139

Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) year parameter in calendar.php, (2) user parameter array in…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4141

Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via the (1) harf parameter in kullanicilistesi.asp and (2) baslik parameter in forum.asp.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4137

SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows remote attackers to execute arbitrary SQL commands via the invoiceID parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4136

Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via the customerEmailAddress parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4135

Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (pos…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4134

Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a la…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4126

** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPla…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4130

** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPla…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4131

Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a m…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2005-4132

Unspecified "security leak" vulnerability in Contenido before 4.6.4, when register_globals is on and allow_url_fopen is true, has unspecified impact and attack vectors. NOTE: it is likely that this…

CVSS: 7.5CWE: N/A
Read more
2005-12-08
Critical

CVE-2005-4090

Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is running, allows remote attackers to have unknown impact.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-4095

Directory traversal vulnerability in connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to list arbitrary files and directories via ".." sequences in the Type paramet…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4094

connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows remote attackers to execute arbitrary PHP by using the FileUpload command to upload a file that appears to be an image but contains…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4093

Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2005-4091

Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script 1-Search 1.8 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4086

Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local f…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4089

Microsoft Internet Explorer allows remote attackers to bypass cross-domain security restrictions and obtain sensitive information by using the @import directive to download files from other domains t…

CVSS: 7.1CWE: CWE-264
Read more
High

CVE-2005-4088

SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4087

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3665

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3661

Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuratio…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4078

Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) forumID, (2) boardID, and (3) topicRepeat…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4084

xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4083

Directory traversal vulnerability in xs_edit.php in the eXtreme Styles phpBB module 2.2.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the edit parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4082

The dhcp.client program for QNX 4.25 vmware is setuid, possibly by default, which allows local users to modify the NIC configuration and conduct other attacks.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2005-4081

Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow remote attackers to bypass authentication and possibly execute arbitrary SQL commands via the username and password parameters i…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4080

Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and s…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4079

The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the import_blacklist variable in grab_globals.php, which can…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4077

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via cer…

CVSS: 4.6CWE: CWE-189
Read more
Medium

CVE-2005-4076

Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-4074

Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and earlier, when Sandbox Security is disabled, allows remote attackers to include arbitrary local .cfm files via a .. (dot dot) in the (…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4072

Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in search_forums.cfm, a…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4069

SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying pr…

CVSS: 4.6CWE: CWE-264
Read more
High

CVE-2005-4068

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2005-4075

Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in…

CVSS: 4.3CWE: N/A
Read more
2005-12-07
High

CVE-2005-4055

SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4066

Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrat…

CVSS: 4.9CWE: CWE-310
Read more
High

CVE-2005-4065

SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4064

Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4063

Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categor…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4062

Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4061

Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4059

SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4057

Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name p…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4056

SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4054

SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categoryid, (2) entryid, (3) year, (4) month, and (…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4049

Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter in index.php and (2) the note parameter in blog.php.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4053

Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote attackers to inject arbitrary web script or HTML via the q parameter, as demonstrated using 26.html.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4046

Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java System Application Server Standard Edition 7 2004Q2, Application Server Enterprise Edition 8.1 2005Q1, and Sun ONE Application Serv…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2005-4047

Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4045

Unspecified vulnerability in System Communications Services 6 Delegated Administrator 2005Q1 in Sun Java System Messaging Server 2005Q1 allows remote attackers to obtain the Top-Level Administrator (…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4050

Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4051

e107 0.6174 allows remote attackers to vote multiple times for a download via repeated requests to rate.php.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4052

e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default insta…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-2931

Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers t…

CVSS: 7.5CWE: N/A
Read more
2005-12-06
Medium

CVE-2005-4044

Cross-site scripting (XSS) vulnerability in search.cgi in Amazon Search Directory 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly th…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4043

SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4042

Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to search.cgi.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4037

SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4041

Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4039

Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter.

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-4038

SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4035

Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4036

Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL."

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that i…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4030

SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-4033

Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remot…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4032

Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4034

Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php;…

CVSS: 7.5CWE: N/A
Read more
2005-12-05
High

CVE-2005-4019

SQL injection vulnerability in index.php in Relative Real Estate Systems 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the mls parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4029

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4028

Multiple cross-site scripting (XSS) vulnerabilities in aMember allow remote attackers to inject arbitrary web script or HTML via the (1) lamember_login parameter to sendpass.php and (2) login paramet…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4025

Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navi…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4024

Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 and 2005 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4023

Unspecified vulnerability in the zipcart module in Gallery 2.0 before 2.0.2 allows remote attackers to read arbitrary files via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-4022

Cross-site scripting (XSS) vulnerability in the "Add Image From Web" feature in Gallery 2.0 before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4021

The installer for Gallery 2.0 before 2.0.2 stores the install log under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4020

SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and earlier allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4026

search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4018

SQL injection vulnerability in ls.php in Landshop Real Estate Commerce System 0.6.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) start, (2) search_order, (3) sear…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4012

Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HT…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4017

property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4009

Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4008

SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 allows remote attackers to execute arbitrary SQL commands via the (1) cal_id parameter, and possibly the (2) Y and (3) m parameter…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4010

SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.p…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4013

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log direct…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4014

stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service (CPU consumption) via a large lastnumber value.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-4015

PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated usin…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-4016

SQL injection vulnerability in Widget Property 1.1.19 allows remote attackers to execute arbitrary SQL commands via the (1) property_id, (2) zip_code, (3) property_type_id, (4) price, and (5) city_id…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-4005

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Sear…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2005-4007

Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/contro…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-4000

Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-4004

Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-4003

Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-4002

WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation.

CVSS: 4.0CWE: N/A
Read more
High

CVE-2005-4001

Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3995

Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitr…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-3999

Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

CVSS: 4.3CWE: N/A
Read more
>