Total
258583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1909 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 4.3 MEDIUM | N/A |
| The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a "</pre><!-" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-1908 | 1 Perception | 1 Liteweb | 2008-09-05 | 7.5 HIGH | N/A |
| Perception LiteWeb allows remote attackers to bypass access controls for files via an extra leading / (slash) or leading \ (backslash) in the URL. | |||||
| CVE-2005-1898 | 1 Phpthumb | 1 Phpthumb | 2008-09-05 | 5.0 MEDIUM | N/A |
| The passthrough functionality in phpThumb.php in phpThumb() before 1.5.4 allows remote attackers to read files that are not images. | |||||
| CVE-2005-1897 | 1 Flexcast | 1 Flexcast Audio Video Streaming Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in FlexCast Audio Video Streaming Server before 2.0 has unknown impact and attack vectors. | |||||
| CVE-2005-1890 | 1 Mortiforo | 1 Mortiforo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Mortiforo before 0.9.1 allows users to access private forums via unknown attack vectors. | |||||
| CVE-2005-1888 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates. | |||||
| CVE-2005-1886 | 1 Yapig | 1 Yapig | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment. | |||||
| CVE-2005-1885 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message. | |||||
| CVE-2005-1884 | 1 Yapig | 1 Yapig | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter. | |||||
| CVE-2005-1883 | 1 Yapig | 1 Yapig | 2008-09-05 | 5.0 MEDIUM | N/A |
| global.php in YaPiG 0.92b allows remote attackers to include arbitrary local files via the BASE_DIR parameter. | |||||
| CVE-2005-1882 | 1 Yapig | 1 Yapig | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in last_gallery.php in YaPiG 0.93u and 0.94u allows remote attackers to execute arbitrary PHP code via the YAPIG_PATH parameter. | |||||
| CVE-2005-1878 | 1 Giptables | 1 Giptables Firewall | 2008-09-05 | 1.2 LOW | N/A |
| GIPTables Firewall 1.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the temp.ip.addresses temporary file. | |||||
| CVE-2005-1877 | 1 Lpanel | 1 Lpanel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter. | |||||
| CVE-2005-1866 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix Advanced 1.5 allows remote attackers to inject arbitrary web script or HTML via the year parameter. | |||||
| CVE-2005-1864 | 1 Vincent Hor | 1 Calendarix Advanced | 2008-09-05 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in cal_admintop.php in Calendarix Advanced 1.5 allows remote attackers to execute arbitrary PHP code via the calpath parameter. | |||||
| CVE-2005-1858 | 1 Fuse | 1 Fuse | 2008-09-05 | 2.1 LOW | N/A |
| FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information. | |||||
| CVE-2005-1856 | 1 Sukria | 1 Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack. | |||||
| CVE-2005-1855 | 2 Debian, Sukria | 2 Debian Linux, Backup Manager | 2008-09-05 | 2.1 LOW | N/A |
| Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. | |||||
| CVE-2005-1853 | 1 University Of Minnesota | 1 Gopher | 2008-09-05 | 7.2 HIGH | N/A |
| gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges. | |||||
| CVE-2005-1848 | 1 Phystech | 1 Dhcpcd | 2008-09-05 | 5.0 MEDIUM | N/A |
| The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause a denial of service (daemon crash) via unknown vectors that cause an out-of-bounds memory read. | |||||