CVE Daily
← All years

Uncategorized 2005

Page 9/38.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2005-11-29
High

CVE-2005-3872

Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORU…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3871

Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) for…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3869

Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3868

Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php,…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3867

Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used whe…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3866

Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used w…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3865

SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3864

SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affe…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3862

Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.

CVSS: 7.5CWE: N/A
Read more
2005-11-27
High

CVE-2005-3858

Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3857

The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases,…

CVSS: 4.9CWE: CWE-399
Read more
Medium

CVE-2005-3856

The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL fi…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2005-3850

Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3852

SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3853

SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3854

Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3855

SQL injection vulnerability in process.php in 1-2-3 music store allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3851

Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possi…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3848

Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets tha…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3849

Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

CVSS: 4.3CWE: N/A
Read more
2005-11-26
High

CVE-2005-3843

SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3846

SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3844

SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3838

Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status,…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3842

SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3841

Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3839

Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3836

SQL injection vulnerability in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the announce parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3837

Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term param…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3833

SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3834

Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3827

SQL injection vulnerability in product_cat in AgileBill 1.4.92 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3828

SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3829

index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an invalid category parameter, which causes a large number of S…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3830

index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3826

Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) edit_id, (2) faq_id, and (3) c_id parameters in a query string, and (4)…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3825

SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a result action.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3824

The uploads module in vTiger CRM 4.2 and earlier allows remote attackers to upload arbitrary files, such as PHP files, via the add2db action.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3823

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3822

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demons…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3820

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (do…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-3821

Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3818

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) various input fields, including the contact, le…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3819

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3815

SQL injection vulnerability in forum.php in Orca Forum 4.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3814

Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro allow remote attackers to inject arbitrary web script or HTML via the username parameter in (1) directory.php, (2) frames.php, and…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3813

IMAP service (meimaps.exe) of MailEnable Professional 1.7 and Enterprise 1.1 allows remote authenticated attackers to cause a denial of service (application crash) by using RENAME with a non-existent…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2005-3812

freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.

CVSS: 6.8CWE: N/A
Read more
High

CVE-2005-3816

Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 and earlier and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter or (2) thread parameter…

CVSS: 7.5CWE: N/A
Read more
2005-11-25
Medium

CVE-2005-3811

Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3809

The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via an update message without pri…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2005-3810

ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to 2.6.14.3 allows attackers to cause a denial of service (kernel oops) via a message without ICMP ID (ICMP_ID) information, which lea…

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2005-3808

Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-3807

Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-3806

The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt k…

CVSS: 6.6CWE: CWE-399
Read more
Medium

CVE-2005-3805

A locking problem in POSIX timer cleanup handling on exit in Linux kernel 2.6.10 to 2.6.14, when running on SMP systems, allows local users to cause a denial of service (deadlock) involving process C…

CVSS: 4.9CWE: N/A
Read more
2005-11-24
High

CVE-2005-3796

Direct static code injection vulnerability in admin_options_manage.php in AlstraSoft Affiliate Network Pro 7.2 allows attackers to execute arbitrary PHP code via the number parameter. NOTE: it is no…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3802

Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 and 4.05.03, when a legitimate administrator is logged into the web management interface, allow remote attackers to access the ma…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2005-3801

CounterPane PasswordSafe 1.x and 2.x allows local users to test possible encryption keys against a subset of the stored key data without performing the more expensive key derivation function (KDF) fu…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-3800

Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak algorithm to encrypt user password in connection keys that use shared FTP login credentials, which allows attackers to obtain sen…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3799

phpBB 2.0.18 allows remote attackers to obtain sensitive information via a large SQL query, which generates an error message that reveals SQL syntax or the full installation path.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3798

SQL injection vulnerability in admin/index.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary SQL commands via the username field.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3797

PHP remote file inclusion vulnerability in payment_paypal.php in AlstraSoft Template Seller Pro 3.25 allows remote attackers to execute arbitrary PHP code via the config[basepath] parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3804

Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2005-3795

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to inject arbitrary web script or HTML via (1) the Err parameter in admin/index.php…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3793

Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network Pro 7.2 allow remote attackers to bypass authentication and execute arbitrary SQL commands via the (1) username or (2) password…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3792

Multiple SQL injection vulnerabilities in the Search module in PHP-Nuke 7.8, and possibly other versions before 7.9 with patch 3.1, allows remote attackers to execute arbitrary SQL commands, as demon…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3791

HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 and earlier allows remote attackers to inject arbitrary HTML headers via adclick.php and possibly other unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3790

Multiple cross-site scripting (XSS) vulnerabilities in act_newsletter.php in phpwcms 1.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) i and (2) text parameters.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3789

Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) form_lang parameter in login.php and (2) the imgdir paramete…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3788

Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), 7.0(2), and 7.0(4), when running with an Active/Standby configuration and when the failover LAN interface fails, allows remote attack…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2005-3794

AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain sensitive information via a direct request to scripts such as (1) togateway.php and (2) other unspecified scripts.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3787

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl4 allow remote attackers to inject arbitrary web script or HTML via (1) the cookie-based login panel, (2) the title pa…

CVSS: 4.3CWE: N/A
Read more
2005-11-23
Medium

CVE-2005-3785

Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3786

Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ZENworks 6.5 Desktop Management does not restrict access to Remote Diagnostics, which allows local users to bypass security policie…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2005-3783

The ptrace functionality (ptrace.c) in Linux kernel 2.6 before 2.6.14.2, using CLONE_THREAD, does not use the thread group ID to check whether it is attaching to itself, which allows local users to c…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2005-3784

The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 includes processes with ptrace attached, which leads to a dangling ptrace reference and allows local users to cause a denial of serv…

CVSS: 4.9CWE: CWE-399
Read more
Medium

CVE-2005-3781

Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3778

Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev 686 allows attackers to cause a denial of service via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3780

Multiple buffer overflows in IPUpdate 1.1 might allow attackers to execute arbitrary code via (1) memmcat in the memm module or (2) certain TSIG format records.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3779

Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 allows local users to gain privileges via unknown vectors.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2005-3777

MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to delete or move private messages (PM) via modified fields in the inbox form.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3776

Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allow remote attackers to inject arbitrary web script or HTML via (1) the subject field when creating a n…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2005-3531

fusermount in FUSE before 2.4.1, if installed setuid root, allows local users to corrupt /etc/mtab and possibly modify mount options by performing a mount over a directory whose name contains certain…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2005-3768

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in Symantec Dynamic VPN Services, as used in Enterprise Firewall, Gateway Security, and Firewall /VPN Appliance products,…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3769

SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3771

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) "GET and other variables" and (2) "SEF".

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3772

Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow remote attackers to execute arbitrary SQL commands via the (1) Itemid variable in the Polls modules and (2) multiple unspecified m…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2005-3773

Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact and attack vectors, related to "Potential misuse of Media component file management functions."

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-3774

Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of service (blocked new connections) via spoofed TCP packets that cause the PIX to create embryonic connections that that would not pro…

CVSS: 5.0CWE: N/A
Read more
2005-11-22
High

CVE-2005-3765

Exponent CMS 0.96.3 and later versions performs a chmod on uploaded files to give them execute permissions, which allows remote attackers to execute arbitrary code.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3767

Exponent CMS 0.96.3 and later versions does not properly restrict the types of uploaded files, which allows remote attackers to upload and execute PHP files.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3766

Exponent CMS 0.96.3 and later versions stores sensitive user pages under the web document root with insufficient access control even though certain permissions are specified, which allows attackers t…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3761

Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and later versions allows remote attackers to inject arbitrary web script or HTML via (1) Javascript in forms produced by the form gene…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2005-3764

The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly invol…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2005-3763

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resu…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3762

SQL injection vulnerability in the navigation module (navigationmodule) in Exponent CMS 0.96.3 and later versions allows remote attackers to execute arbitrary SQL commands via the parent parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3756

Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to port scan arbitrary hosts via URLs with modified targets and ports, then comparing the resulting error m…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3757

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java clas…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3758

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script o…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3755

Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2005-3754

Cross-site scripting (XSS) vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to inject arbitrary Javascript, and possibly other web script o…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3751

HTTP request smuggling vulnerability in Pound before 1.9.4 allows remote attackers to poison web caches, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with c…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2005-3752

Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact and attack vectors, related to "ldapdiff.conf path construction".

CVSS: 10.0CWE: N/A
Read more
High

CVE-2005-3753

Linux kernel before after 2.6.12 and before 2.6.13.1 might allow attackers to cause a denial of service (Oops) via certain IPSec packets that cause alignment problems in standard multi-block cipher p…

CVSS: 7.8CWE: N/A
Read more
Low

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when register_globals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrate…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2005-3739

Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2005-3740

Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited par…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3741

Almond Classifieds does not properly verify the password, which allows attackers to bypass access restrictions.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3742

Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3743

SQL injection vulnerability in results.php in SimplePoll allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3745

Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3746

SQL injection vulnerability in thread.php in APBoard allows remote attackers to execute arbitrary SQL commands via the start parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2005-3749

Unspecified "absolute path vulnerabilities" in the diagela command (diagela.sh) in IBM AIX 5.2 and 5.3 have unknown impact and attack vectors.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2005-3736

Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart allow remote attackers to inject arbitrary web script or HTML via the (1) strgifttoname parameter in shopgift.asp, (2) strfirstname…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2005-3737

Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.

CVSS: 5.1CWE: N/A
Read more
High

CVE-2005-3735

Multiple SQL injection vulnerabilities in e-Quick Cart allow remote attackers to execute arbitrary SQL commands via the (1) productid parameter in shopaddtocart.asp, (2) strpemail parameter in shoppr…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2005-3734

Cross-site scripting (XSS) vulnerability in the "add content" page in phpMyFAQ 1.5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) thema, (2) username, and (3…

CVSS: 4.3CWE: N/A
Read more
2005-11-21
Medium

CVE-2005-2339

Cross-site scripting (XSS) vulnerability in the Unicode version of msearch (unicode-msearch) 1.51(U1)-beta1, 1.51(U1), and 1.52(U1) allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2005-3733

The Internet Key Exchange version 1 (IKEv1) implementation in Juniper JUNOS and JUNOSe software for M, T, and J-series routers before release 6.4, and E-series routers before 7-1-0, allows remote att…

CVSS: 7.5CWE: N/A
Read more
>