Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2692 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module. | |||||
| CVE-2005-2691 | 1 Runcms | 1 Runcms | 2008-09-05 | 7.5 HIGH | N/A |
| includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code. | |||||
| CVE-2005-2690 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php. | |||||
| CVE-2005-2689 | 1 Postnuke Software Foundation | 1 Postnuke | 2008-09-05 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php. | |||||
| CVE-2005-2688 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields. | |||||
| CVE-2005-2686 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | |||||
| CVE-2005-2685 | 1 Savewebportal | 1 Savewebportal | 2008-09-05 | 7.5 HIGH | N/A |
| SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter. NOTE: it is possible that this vulnerability stems from PhpMyExplorer, which is a separate package. | |||||
| CVE-2005-2684 | 1 Virtech | 1 Netquery | 2008-09-05 | 7.5 HIGH | N/A |
| nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query. | |||||
| CVE-2005-2679 | 1 Sysinternals | 1 Process Explorer | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process. | |||||
| CVE-2005-2677 | 1 Acnews | 1 Acnews | 2008-09-05 | 5.0 MEDIUM | N/A |
| ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server. | |||||
| CVE-2005-2676 | 1 Coppermine | 1 Coppermine Photo Gallery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data. | |||||
| CVE-2005-2673 | 1 Woltlab | 1 Burning Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters. | |||||
| CVE-2005-2670 | 1 Hauri | 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files. | |||||
| CVE-2005-2660 | 1 Apachetop | 1 Apachetop | 2008-09-05 | 2.1 LOW | N/A |
| apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug. | |||||
| CVE-2005-2658 | 1 Softwolves Software | 1 Turquoise Superstat | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. | |||||
| CVE-2005-2656 | 1 Polygen | 1 Polygen | 2008-09-05 | 2.1 LOW | N/A |
| Polygen before 1.0.6 generates precompiled grammar objects with world-writable permissions, which allows local users to cause a denial of service (disk consumption) and possibly perform other unauthorized activities. | |||||
| CVE-2005-2655 | 1 Maildrop | 1 Maildrop | 2008-09-05 | 10.0 HIGH | N/A |
| lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. | |||||
| CVE-2005-2650 | 1 Emefa | 1 Emefa Guestbook | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. | |||||
| CVE-2005-2647 | 1 Xerox | 7 Document Centre 265, Document Centre 332, Document Centre 340 and 4 more | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors. | |||||
| CVE-2005-2646 | 1 Xerox | 20 Document Centre 220, Document Centre 230, Document Centre 240 and 17 more | 2008-09-05 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests. | |||||