# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
101451 |
CVE-2005-1319 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101452 |
CVE-2005-1318 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101453 |
CVE-2005-1317 |
|
|
XSS |
2005-04-25 |
2008-09-05 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101454 |
CVE-2005-1316 |
|
|
XSS |
2005-05-02 |
2008-09-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101455 |
CVE-2005-1315 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101456 |
CVE-2005-1314 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101457 |
CVE-2005-1313 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title. |
101458 |
CVE-2005-1312 |
|
|
Exec Code File Inclusion |
2005-04-24 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. |
101459 |
CVE-2005-1311 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
101460 |
CVE-2005-1310 |
|
|
Exec Code Sql |
2005-04-23 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. |
101461 |
CVE-2005-1309 |
|
|
XSS |
2005-05-02 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. |
101462 |
CVE-2005-1308 |
|
|
|
2005-04-15 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. |
101463 |
CVE-2005-1307 |
|
|
Exec Code |
2005-05-17 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary code by copying and calling the scripts from a user-controlled directory. |
101464 |
CVE-2005-1306 |
|
|
|
2005-06-15 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability." |
101465 |
CVE-2005-1305 |
|
|
|
2005-05-02 |
2016-10-17 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
101466 |
CVE-2005-1304 |
|
|
|
2005-05-02 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. |
101467 |
CVE-2005-1303 |
|
|
|
2005-04-24 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. |
101468 |
CVE-2005-1302 |
|
|
Exec Code Sql |
2005-05-02 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. |
101469 |
CVE-2005-1300 |
|
|
XSS |
2005-04-25 |
2016-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
101470 |
CVE-2005-1299 |
|
|
Exec Code |
2005-04-25 |
2016-10-17 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
101471 |
CVE-2005-1298 |
|
|
|
2005-04-25 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
101472 |
CVE-2005-1297 |
|
|
XSS |
2005-04-25 |
2016-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. |
101473 |
CVE-2005-1296 |
|
|
Exec Code |
2005-04-25 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. |
101474 |
CVE-2005-1295 |
|
|
|
2005-04-25 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. |
101475 |
CVE-2005-1294 |
|
|
+Priv |
2005-04-24 |
2016-10-17 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. |
101476 |
CVE-2005-1293 |
|
|
Exec Code Sql |
2005-05-02 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. |
101477 |
CVE-2005-1292 |
|
|
XSS |
2005-05-02 |
2017-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. |
101478 |
CVE-2005-1291 |
|
|
Exec Code Sql |
2005-04-23 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. |
101479 |
CVE-2005-1290 |
|
|
XSS |
2005-05-02 |
2016-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. |
101480 |
CVE-2005-1289 |
|
|
Exec Code |
2005-05-02 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. |
101481 |
CVE-2005-1288 |
|
|
+Priv |
2005-05-02 |
2016-10-17 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. |
101482 |
CVE-2005-1287 |
|
|
Exec Code Sql |
2005-04-23 |
2018-10-19 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp. |
101483 |
CVE-2005-1285 |
|
|
XSS |
2005-04-22 |
2016-10-17 |
6.8 |
User |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. |
101484 |
CVE-2005-1284 |
|
|
|
2005-05-02 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. |
101485 |
CVE-2005-1283 |
|
|
Dir. Trav. |
2005-04-22 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. |
101486 |
CVE-2005-1282 |
|
|
XSS |
2005-05-02 |
2017-07-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. |
101487 |
CVE-2005-1281 |
|
|
DoS |
2005-04-26 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Ethereal 0.10.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. |
101488 |
CVE-2005-1280 |
|
|
DoS |
2005-05-02 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4. |
101489 |
CVE-2005-1279 |
|
|
DoS |
2005-05-02 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function. |
101490 |
CVE-2005-1278 |
|
|
DoS |
2005-05-02 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet. |
101491 |
CVE-2005-1275 |
|
|
DoS Overflow |
2005-04-25 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. |
101492 |
CVE-2005-1274 |
|
|
Exec Code Overflow |
2005-04-26 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the getIfHeader function in the WebDAV functionality in MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via an HTTP unlock request and a long "If" parameter. |
101493 |
CVE-2005-1272 |
|
|
Exec Code Overflow |
2005-08-05 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050. |
101494 |
CVE-2005-1269 |
|
|
DoS |
2005-06-16 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. |
101495 |
CVE-2005-1268 |
|
|
DoS Overflow |
2005-08-05 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. |
101496 |
CVE-2005-1267 |
|
|
DoS |
2005-06-10 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. |
101497 |
CVE-2005-1266 |
|
|
DoS |
2005-06-15 |
2017-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries. |
101498 |
CVE-2005-1264 |
|
|
|
2005-05-17 |
2018-10-19 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space, a similar vulnerability to CVE-2005-1589. |
101499 |
CVE-2005-1263 |
|
|
Exec Code Overflow |
2005-05-11 |
2018-10-19 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow. |
101500 |
CVE-2005-1262 |
|
|
DoS |
2005-05-11 |
2018-10-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. |