CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15051 CVE-2005-4651 Exec Code Sql 2005-12-31 2008-09-20
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter.
15052 CVE-2005-4600 22 Dir. Trav. 2005-12-31 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.
15053 CVE-2005-4558 2005-12-28 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
15054 CVE-2005-4493 XSS 2005-12-22 2013-07-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
15055 CVE-2005-4482 XSS 2005-12-22 2013-07-18
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the ret_page parameter.
15056 CVE-2005-4481 XSS 2005-12-22 2008-09-20
6.8
User Remote Medium Not required Partial Partial Partial
** DISPUTED ** Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package.
15057 CVE-2005-4480 XSS 2005-12-22 2008-09-20
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
15058 CVE-2005-4477 XSS 2005-12-22 2008-09-20
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the bab[searchfor] parameter.
15059 CVE-2005-4476 XSS 2005-12-22 2013-09-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters.
15060 CVE-2005-4475 XSS 2005-12-22 2008-09-20
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
15061 CVE-2005-4424 Exec Code Dir. Trav. 2005-12-20 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
15062 CVE-2005-4423 Exec Code 2005-12-20 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
15063 CVE-2005-4422 Exec Code 2005-12-20 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums.
15064 CVE-2005-4417 2005-12-20 2018-10-19
6.4
None Remote Low Not required Partial Partial None
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
15065 CVE-2005-4402 Exec Code Overflow 2005-12-20 2016-10-17
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
15066 CVE-2005-4384 2005-12-19 2017-07-19
6.4
None Remote Low Not required Partial Partial None
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
15067 CVE-2005-4366 Exec Code Sql 2005-12-19 2008-09-20
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137.
15068 CVE-2005-4359 Exec Code Sql 2005-12-19 2008-09-20
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
15069 CVE-2005-4349 89 Exec Code Sql CSRF 2005-12-19 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450.
15070 CVE-2005-4317 Exec Code XSS 2005-12-17 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.
15071 CVE-2005-4178 Exec Code Overflow 2005-12-12 2018-10-30
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
15072 CVE-2005-4147 Bypass 2005-12-10 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" characters.
15073 CVE-2005-4145 2005-12-10 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
15074 CVE-2005-4131 Exec Code Mem. Corr. 2005-12-09 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
15075 CVE-2005-4093 264 Bypass 2005-12-08 2011-05-18
6.5
None Remote Low Single system Partial Partial Partial
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
15076 CVE-2005-3974 Bypass 2005-12-03 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
15077 CVE-2005-3950 DoS 2005-12-01 2008-09-05
6.8
None Remote Low Single system None None Complete
nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.
15078 CVE-2005-3927 Dir. Trav. 2005-11-30 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
15079 CVE-2005-3914 Exec Code Sql 2005-11-30 2009-10-09
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
15080 CVE-2005-3878 Dir. Trav. 2005-11-29 2009-10-09
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
15081 CVE-2005-3820 Exec Code Dir. Trav. 2005-11-25 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
15082 CVE-2005-3812 DoS 2005-11-25 2018-10-19
6.8
None Remote Low Single system None None Complete
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
15083 CVE-2005-3806 399 DoS 2005-11-25 2018-10-19
6.6
None Local Low Not required None Complete Complete
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
15084 CVE-2005-3804 DoS +Info 2005-11-24 2017-07-10
6.4
None Remote Low Not required Partial None Partial
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
15085 CVE-2005-3725 DoS 2005-11-21 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
15086 CVE-2005-3724 200 DoS +Info 2005-11-21 2017-07-10
6.4
None Remote Low Not required Partial None Partial
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
15087 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2017-07-10
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
15088 CVE-2005-3706 Exec Code Overflow 2005-12-31 2017-07-10
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
15089 CVE-2005-3680 Dir. Trav. 2005-11-18 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
15090 CVE-2005-3619 XSS 2005-12-31 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
15091 CVE-2005-3555 Exec Code Sql 2005-11-16 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
15092 CVE-2005-3549 Exec Code 2005-11-16 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
15093 CVE-2005-3543 89 Exec Code Sql 2005-11-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
15094 CVE-2005-3526 Exec Code Overflow 2005-12-31 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
15095 CVE-2005-3366 Exec Code XSS File Inclusion 2005-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
15096 CVE-2005-3355 22 Dir. Trav. 2005-11-18 2011-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
15097 CVE-2005-3347 22 Dir. Trav. 2005-11-17 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
15098 CVE-2005-3251 Dir. Trav. 2005-10-17 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
15099 CVE-2005-3249 DoS 2005-10-27 2017-10-10
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.
15100 CVE-2005-3236 Sql XSS 2005-10-14 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.