CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15851 CVE-2005-4476 XSS 2005-12-22 2013-09-12
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in store/search/results.html in OpenEdit 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) oe-action and (2) page parameters.
15852 CVE-2005-4475 XSS 2005-12-22 2008-09-20
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
15853 CVE-2005-4424 Exec Code Dir. Trav. 2005-12-20 2017-07-19
6.5
User Remote Low Single system Partial Partial Partial
Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00.
15854 CVE-2005-4423 Exec Code 2005-12-20 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension to an accessible directory, as demonstrated using a file with a .php extension, aka "upload phpshell."
15855 CVE-2005-4422 Exec Code 2005-12-20 2008-09-05
6.5
User Remote Low Single system Partial Partial Partial
Unrestricted file upload vulnerability in toendaCMS before 0.6.2 Stable allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in data/images/albums.
15856 CVE-2005-4417 2005-12-20 2018-10-19
6.4
None Remote Low Not required Partial Partial None
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication and Authorization values, which allows remote attackers to send arbitrary audio and possibly eavesdrop using the microphone via the Hands Free Audio Gateway and Headset profile.
15857 CVE-2005-4402 Exec Code Overflow 2005-12-20 2016-10-17
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
15858 CVE-2005-4384 2005-12-19 2017-07-19
6.4
None Remote Low Not required Partial Partial None
CitySoft Community Enterprise 4.x allows remote attackers to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
15859 CVE-2005-4366 Exec Code Sql 2005-12-19 2008-09-20
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php; (2) the customerPlanID parameter to viewplan.php; (3) the ref_id parameter to referred_plans.php; (4) customerPlanID parameter to listcharges.php; and (5) the domain parameter to (k) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php, (g) pass_dirs.php, (h) zone_files.php, (i) htaccess.php, and (j) software.php. NOTE: the viewinvoice.php invoiceID vector is already covered by CVE-2005-4137.
15860 CVE-2005-4359 Exec Code Sql 2005-12-19 2008-09-20
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.
15861 CVE-2005-4349 89 Exec Code Sql CSRF 2005-12-19 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
** DISPUTED ** SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450.
15862 CVE-2005-4317 Exec Code XSS 2005-12-17 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not protect the $_SERVER variable from external modification, which allows remote attackers to use the _SERVER[REMOTE_ADDR] parameter to (1) conduct cross-site scripting (XSS) attacks in the stats module or (2) execute arbitrary code via an eval injection attack in the wrapper option in index2.php.
15863 CVE-2005-4178 Exec Code Overflow 2005-12-12 2018-10-30
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
15864 CVE-2005-4147 Bypass 2005-12-10 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a trailing "@" characters.
15865 CVE-2005-4145 2005-12-10 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
15866 CVE-2005-4131 Exec Code Mem. Corr. 2005-12-09 2018-10-19
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
15867 CVE-2005-4093 264 Bypass 2005-12-08 2011-05-18
6.5
None Remote Low Single system Partial Partial Partial
Check Point VPN-1 SecureClient NG with Application Intelligence R56, NG FP1, 4.0, and 4.1 allows remote attackers to bypass security policies by modifying the local copy of the local.scv policy file after it has been downloaded from the VPN Endpoint.
15868 CVE-2005-3974 Bypass 2005-12-03 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on PHP5, does not correctly enforce user privileges, which allows remote attackers to bypass the "access user profiles" permission.
15869 CVE-2005-3950 DoS 2005-12-01 2008-09-05
6.8
None Remote Low Single system None None Complete
nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets.
15870 CVE-2005-3927 Dir. Trav. 2005-11-30 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php.
15871 CVE-2005-3914 Exec Code Sql 2005-11-30 2009-10-09
6.4
None Remote Low Not required Partial Partial None
Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php.
15872 CVE-2005-3878 Dir. Trav. 2005-11-29 2009-10-09
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
15873 CVE-2005-3820 Exec Code Dir. Trav. 2005-11-25 2018-10-19
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
15874 CVE-2005-3812 DoS 2005-11-25 2018-10-19
6.8
None Remote Low Single system None None Complete
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
15875 CVE-2005-3806 399 DoS 2005-11-25 2018-10-19
6.6
None Local Low Not required None Complete Complete
The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels 2.4 up to 2.4.32 and 2.6 before 2.6.14 modifies the wrong variable in certain circumstances, which allows local users to corrupt kernel memory or cause a denial of service (crash) by triggering a free of non-allocated memory.
15876 CVE-2005-3804 DoS +Info 2005-11-24 2017-07-10
6.4
None Remote Low Not required Partial None Partial
Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support a VxWorks debugger, which allows remote attackers to obtain sensitive information and cause a denial of service.
15877 CVE-2005-3725 DoS 2005-11-21 2016-10-17
6.4
None Remote Low Not required None Partial Partial
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP addresses for its DNS servers, which could allow remote attackers to cause a denial of service or hijack Zyxel phones by attacking or spoofing the hardcoded DNS servers. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
15878 CVE-2005-3724 200 DoS +Info 2005-11-21 2017-07-10
6.4
None Remote Low Not required Partial None Partial
Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which is undocumented and does not require authentication.
15879 CVE-2005-3712 119 Exec Code Overflow 2005-12-31 2017-07-10
6.5
None Remote Low Single system Partial Partial Partial
Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.
15880 CVE-2005-3706 Exec Code Overflow 2005-12-31 2017-07-10
6.4
None Remote Low Not required None Partial Partial
Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.
15881 CVE-2005-3680 Dir. Trav. 2005-11-18 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in editor_registry.php in XOOPS 2.2.3 allows remote attackers to read or include arbitrary local files via a .. (dot dot) in the xoopsConfig[language] parameter.
15882 CVE-2005-3619 XSS 2005-12-31 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
15883 CVE-2005-3555 Exec Code Sql 2005-11-16 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page.
15884 CVE-2005-3549 Exec Code 2005-11-16 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Direct code injection vulnerability in Task Manager in Invision Power Board 2.0.1 allows limited remote attackers to execute arbitrary code by referencing the file in "Task PHP File To Run" field and selecting "Run Task Now".
15885 CVE-2005-3543 89 Exec Code Sql 2005-11-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
15886 CVE-2005-3526 Exec Code Overflow 2005-12-31 2018-10-19
6.5
User Remote Low Single system Partial Partial Partial
Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.
15887 CVE-2005-3366 Exec Code XSS File Inclusion 2005-10-30 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
15888 CVE-2005-3355 22 Dir. Trav. 2005-11-18 2011-10-18
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values".
15889 CVE-2005-3347 22 Dir. Trav. 2005-11-17 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple directory traversal vulnerabilities in index.php in phpSysInfo 2.4 and earlier, as used in phpgroupware 0.9.16 and earlier, and egrouwpware before 1.0.0.009, allow remote attackers to include arbitrary files via .. (dot dot) sequences in the (1) sensor_program parameter or the (2) _SERVER[HTTP_ACCEPT_LANGUAGE] parameter, which overwrites an internal variable, a variant of CVE-2003-0536. NOTE: due to a typo in an advisory, an issue in osh was inadvertently linked to this identifier; the proper identifier for the osh issue is CVE-2005-3346.
15890 CVE-2005-3251 Dir. Trav. 2005-10-17 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter.
15891 CVE-2005-3249 DoS 2005-10-27 2017-10-10
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.
15892 CVE-2005-3236 Sql XSS 2005-10-14 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
15893 CVE-2005-3208 Exec Code Sql XSS 2005-10-14 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
15894 CVE-2005-3202 XSS 2005-10-14 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters.
15895 CVE-2005-3086 Dir. Trav. 2005-09-27 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter.
15896 CVE-2005-3048 Dir. Trav. 2005-09-23 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.
15897 CVE-2005-3046 89 +Priv Sql 2005-09-23 2016-10-17
6.8
None Remote Medium Not required Partial Partial Partial
SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows remote attackers to modify SQL queries and gain administrator privileges via the user field.
15898 CVE-2005-2994 XSS 2005-09-20 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the web client for IBM Rational ClearQuest 2002.05.00 and 2002.05.20, and 2003.06.00 through 2003.06.15 before SR5, allows remote attackers to execute XML Style Sheets (XSS).
15899 CVE-2005-2891 2005-09-14 2017-07-10
6.4
None Remote Low Not required Partial Partial None
WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is marked safe for scripting by default, which allows remote attackers to read or write to arbitrary files via the (1) MakeArchive or (2) MakeArchiveStr methods.
15900 CVE-2005-2849 2005-09-08 2016-10-17
6.4
None Remote Low Not required Partial Partial None
Argument injection vulnerability in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to (1) read portions of source code via the -f option to Dig (dig_device.cgi), (2) determine file existence via the -r argument to Tcpdump (tcpdump_device.cgi) or (3) modify files in the cgi-bin directory via the -w argument to Tcpdump.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.