Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-4645 | 1 3cfr | 1 3cfr | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter. | |||||
| CVE-2005-4624 | 1 Ptnet | 1 Ptnet Ircd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users. | |||||
| CVE-2005-4623 | 1 Efilego | 1 Efilego | 2008-09-05 | 5.0 MEDIUM | N/A |
| upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name. | |||||
| CVE-2005-4622 | 1 Efilego | 1 Efilego | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe. | |||||
| CVE-2005-4587 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2008-09-05 | 7.8 HIGH | N/A |
| Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port). | |||||
| CVE-2005-4586 | 1 Phpsurveyor | 1 Phpsurveyor | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts. | |||||
| CVE-2005-4578 | 1 Hitachi | 1 Business Logic | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form. | |||||
| CVE-2005-4457 | 1 Mailenable | 1 Mailenable Enterprise | 2008-09-05 | 7.5 HIGH | N/A |
| MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command. | |||||
| CVE-2005-4456 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 7.8 HIGH | N/A |
| Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402. | |||||
| CVE-2005-4455 | 1 Livejournal | 1 Livejournal | 2008-09-05 | 5.0 MEDIUM | N/A |
| cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote attackers to inject scripting languages via the XSL namespace in XML, via vectors such as customview.cgi. | |||||
| CVE-2005-4450 | 1 Phpmyadmin | 1 Phpmyadmin | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed. | |||||
| CVE-2005-4446 | 1 Aspbite | 1 Aspbite | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x allows remote attackers to inject arbitrary web script or HTML via the strSearch parameter. | |||||
| CVE-2005-4443 | 1 Gauche | 1 Gauche | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in Gauche before 0.8.6-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4442 | 1 Openldap | 1 Openldap | 2008-09-05 | 7.2 HIGH | N/A |
| Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||||
| CVE-2005-4423 | 1 Phpfm | 1 Phpfm | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell." | |||||
| CVE-2005-4422 | 1 Toenda Software Development | 1 Toendacms | 2008-09-05 | 6.5 MEDIUM | N/A |
| Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums. | |||||
| CVE-2005-4416 | 1 Tml | 1 Tml | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2005-4415 | 1 Tml | 1 Tml | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. | |||||
| CVE-2005-4414 | 1 Open Lab | 1 Teamwork | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." | |||||
| CVE-2005-4413 | 1 Ibm | 1 Websphere Application Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2) message field to (b) TechnologySample/BulletinBoard Script, (3) Email address field to (c) TechnologySamples/Subscription, and the (4) Movie Name, (5) Movie Reviewer, and (6) Movie Review fields to (d) TechnologySamples/MovieReview2_1. | |||||