CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
16151 CVE-2005-2147 2005-07-06 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
16152 CVE-2005-2120 Exec Code Overflow 2005-10-13 2018-10-12
6.5
User Remote Low Single system Partial Partial Partial
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
16153 CVE-2005-2057 XSS 2005-06-29 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to inject arbitrary web script or HTML via the (1) Searchpage parameter to dosearch.php, (2) Number, (3) what, or (4) page parameter to newreply.php, (5) Number, (6) Board, or (7) what parameter to showprofile.php, (8) fpart or (9) page parameter to showflat.php, or (10) like parameter to showmembers.php.
16154 CVE-2005-2007 Dir. Trav. 2005-06-19 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.
16155 CVE-2005-1892 DoS +Info 2005-06-09 2008-09-05
6.4
None Remote Low Not required Partial None Partial
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message.
16156 CVE-2005-1884 Dir. Trav. 2005-06-09 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in the (1) rmdir or (2) mkdir commands in upload.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to create or delete arbitrary directories via a .. (dot dot) in the dir parameter.
16157 CVE-2005-1794 2005-06-01 2018-03-27
6.4
None Remote Low Not required Partial Partial None
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.
16158 CVE-2005-1755 Exec Code File Inclusion 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.
16159 CVE-2005-1752 Exec Code 2005-12-31 2016-10-17
6.4
None Remote Low Not required Partial Partial None
viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.
16160 CVE-2005-1747 +Priv XSS 2005-05-24 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and Express 8.1 through Service Pack 4, and 7.0 through Service Pack 6, allow remote attackers to inject arbitrary web script or HTML, and possibly gain administrative privileges, via the (1) j_username or (2) j_password parameters in the login page (LoginForm.jsp), (3) parameters to the error page in the Administration Console, (4) unknown vectors in the Server Console while the administrator has an active session to obtain the ADMINCONSOLESESSION cookie, or (5) an alternate vector in the Server Console that does not require an active session but also leaks the username and password.
16161 CVE-2005-1676 XSS 2005-05-20 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile Workspace in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allow remote attackers to inject arbitrary web script or HTML via the (1) picture columns embedded within SharePoint lists or (2) drop-down menus in a SharePoint list.
16162 CVE-2005-1669 XSS Bypass 2005-06-16 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains.
16163 CVE-2005-1664 2005-05-18 2017-07-10
6.4
None Remote Low Not required Partial Partial None
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, or (3) use the ViewState to conduct attacks or expose content to third parties.
16164 CVE-2005-1653 XSS 2005-05-18 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote attackers to inject arbitrary web script or HTML via the email parameter.
16165 CVE-2005-1644 XSS 2005-05-18 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two Livre d'Or 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) livreornom, (2) livreoremail, or (3) livreormessage parameters.
16166 CVE-2005-1614 XSS 2005-05-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter.
16167 CVE-2005-1613 XSS 2005-05-16 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in member.php in Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to inject arbitrary web script or HTML via the reverse parameter in a list action.
16168 CVE-2005-1611 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an "@" followed by the desired script.
16169 CVE-2005-1610 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone NukeET 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via a base64 encoded Codigo parameter.
16170 CVE-2005-1607 XSS 2005-05-16 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart allows remote attackers to inject arbitrary web script or HTML via the (1) merchant or (2) demo parameters.
16171 CVE-2005-1605 XSS 2005-05-16 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl in Integrated Site Studio with H-Sphere.
16172 CVE-2005-1593 XSS 2005-05-16 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
16173 CVE-2005-1519 2005-05-11 2017-10-10
6.4
None Remote Low Not required None Partial Partial
Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.
16174 CVE-2005-1508 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.
16175 CVE-2005-1502 XSS 2005-05-11 2017-07-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.
16176 CVE-2005-1448 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
16177 CVE-2005-1445 Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.
16178 CVE-2005-1444 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.
16179 CVE-2005-1443 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.
16180 CVE-2005-1440 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.
16181 CVE-2005-1436 XSS 2005-05-03 2013-07-14
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.
16182 CVE-2005-1423 DoS Dir. Trav. 2005-05-03 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter.
16183 CVE-2005-1403 XSS 2005-05-03 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.
16184 CVE-2005-1381 XSS 2005-05-03 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.
16185 CVE-2005-1380 XSS 2005-05-03 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.
16186 CVE-2005-1374 XSS 2005-05-03 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.
16187 CVE-2005-1317 XSS 2005-04-25 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.
16188 CVE-2005-1300 XSS 2005-04-25 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
16189 CVE-2005-1297 XSS 2005-04-25 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
16190 CVE-2005-1285 XSS 2005-04-22 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
16191 CVE-2005-1202 XSS 2005-05-02 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.
16192 CVE-2005-1201 Dir. Trav. 2005-05-02 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a .. (dot dot) in the URL to admin_avatar.php or admin_attachment.php or (2) remote attackers to enumerate files via a .. (dot dot) in the attachment parameter to attachment.php, which displays a different message when a file exists or does not exist.
16193 CVE-2005-1186 XSS 2005-05-02 2017-07-10
6.8
User Remote Medium Not required Partial Partial Partial
Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.
16194 CVE-2005-1163 Exec Code Overflow 2005-05-02 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data.
16195 CVE-2005-1102 Exec Code XSS 2005-05-02 2016-10-17
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.
16196 CVE-2005-1090 Dir. Trav. 2005-05-02 2017-07-10
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files.
16197 CVE-2005-1087 2005-04-07 2017-07-10
6.4
None Remote Low Not required Partial Partial None
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
16198 CVE-2005-1086 Exec Code Overflow 2005-05-02 2017-07-10
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
16199 CVE-2005-1051 Exec Code Sql 2005-05-02 2016-10-17
6.5
User Remote Low Single system Partial Partial Partial
SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.
16200 CVE-2005-0966 DoS 2005-05-02 2018-10-19
6.4
None Remote Low Not required None Partial Partial
The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.