CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15901 CVE-2005-2815 DoS +Info 2005-09-07 2017-07-10
6.4
None Remote Low Not required Partial None Partial
print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
15902 CVE-2005-2714 59 2005-12-31 2018-10-19
6.8
Admin Local Low Single system Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.
15903 CVE-2005-2713 2005-12-31 2018-10-19
6.8
Admin Local Low Single system Complete Complete Complete
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
15904 CVE-2005-2706 2005-09-23 2017-10-10
6.4
None Remote Low Not required Partial Partial None
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
15905 CVE-2005-2646 DoS 2005-08-23 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.
15906 CVE-2005-2613 Exec Code 2005-08-17 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors.
15907 CVE-2005-2605 Bypass 2005-08-17 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.
15908 CVE-2005-2571 2005-08-16 2016-10-17
6.4
None Remote Low Not required Partial Partial None
FunkBoard 0.66CF, and possibly earlier versions, does not properly restrict access to the (1) admin/mysql_install.php and (2) admin/pg_install.php scripts, which allows attackers to obtain the database username and password or inject arbitrary PHP code into info.php.
15909 CVE-2005-2468 Exec Code Sql 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.
15910 CVE-2005-2466 Exec Code Sql 2005-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
15911 CVE-2005-2463 +Info 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message.
15912 CVE-2005-2461 Exec Code Sql 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.
15913 CVE-2005-2390 DoS +Info 2005-07-27 2016-10-17
6.4
None Remote Low Not required Partial None Partial
Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 allow attackers to cause a denial of service or obtain sensitive information via (1) certain inputs to the shutdown message from ftpshut, or (2) the SQLShowInfo mod_sql directive.
15914 CVE-2005-2255 Dir. Trav. +Info 2005-07-13 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan parameter to (1) index.php or (2) admin/index.php.
15915 CVE-2005-2212 2005-07-11 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Backup Manager 0.5.8a creates an archive repository with world readable and writable permissions, which allows attackers to modify or read the repository.
15916 CVE-2005-2201 DoS 2005-07-11 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Unknown vulnerability in the MicroServer Web Server for Xerox WorkCentre Pro Color 2128, 2636, and 3545, version 0.001.04.044 through 0.001.04.504, allow attackers to cause a denial of service or access files via crafted HTTP requests.
15917 CVE-2005-2176 2005-07-09 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies.
15918 CVE-2005-2147 2005-07-06 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
15919 CVE-2005-2120 Exec Code Overflow 2005-10-13 2018-10-12
6.5
User Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
15920 CVE-2005-2057 XSS 2005-06-29 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
15921 CVE-2005-2007 Dir. Trav. 2005-06-19 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
15922 CVE-2005-1892 DoS +Info 2005-06-09 2008-09-05
6.4
None Remote Low Not required Partial None Partial
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
15923 CVE-2005-1884 Dir. Trav. 2005-06-09 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter.
15924 CVE-2005-1794 2005-06-01 2018-03-27
6.4
None Remote Low Not required Partial Partial None
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
15925 CVE-2005-1755 Exec Code File Inclusion 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.
15926 CVE-2005-1752 Exec Code 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
15927 CVE-2005-1747 +Priv XSS 2005-05-24 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
15928 CVE-2005-1676 XSS 2005-05-20 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
15929 CVE-2005-1669 XSS Bypass 2005-06-16 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
15930 CVE-2005-1664 2005-05-18 2017-07-10
6.4
None Remote Low Not required Partial Partial None
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
15931 CVE-2005-1653 XSS 2005-05-18 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.
15932 CVE-2005-1644 XSS 2005-05-18 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.
15933 CVE-2005-1614 XSS 2005-05-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
15934 CVE-2005-1613 XSS 2005-05-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
15935 CVE-2005-1611 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script.
15936 CVE-2005-1610 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
15937 CVE-2005-1607 XSS 2005-05-16 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
15938 CVE-2005-1605 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
15939 CVE-2005-1593 XSS 2005-05-16 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
15940 CVE-2005-1519 2005-05-11 2017-10-10
6.4
None Remote Low Not required None Partial Partial
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
15941 CVE-2005-1508 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
15942 CVE-2005-1502 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
15943 CVE-2005-1448 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
15944 CVE-2005-1445 Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.
15945 CVE-2005-1444 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.
15946 CVE-2005-1443 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
15947 CVE-2005-1440 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
15948 CVE-2005-1436 XSS 2005-05-03 2013-07-14
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
15949 CVE-2005-1423 DoS Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
15950 CVE-2005-1403 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.