Total
29739 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1325 | 1 Matthieu Aubry | 1 Phpmyvisites | 2025-04-03 | N/A |
| set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter. | ||||
| CVE-2004-0349 | 1 Gweb | 1 Gweb Http Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2005-4358 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message. | ||||
| CVE-2005-2252 | 1 Gianluca Baldo | 1 Phpauction | 2025-04-03 | N/A |
| PhpAuction 2.5 allows remote attackers to bypass authentication and gain privileges as another user by setting the PHPAUCTION_RM_ID cookie to the user ID. | ||||
| CVE-2005-2250 | 1 Nokia | 1 Affix | 2025-04-03 | N/A |
| Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share. | ||||
| CVE-2005-2248 | 1 Sven-ove Bjerkan | 1 Downloadprotect | 2025-04-03 | N/A |
| Directory traversal vulnerability in DownloadProtect before 1.0.3 allows remote attackers to read files above the download folder. | ||||
| CVE-2005-2166 | 1 Frozenplague.net | 1 Plague News System | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. | ||||
| CVE-2005-4367 | 1 Fad Solutions | 1 Drzes Hms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later reported to affect CONTROLzx (renamed from DRZES) 3.3.4. | ||||
| CVE-2005-2164 | 1 Covide Groupware-crm | 1 Covide | 2025-04-03 | N/A |
| SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | ||||
| CVE-2005-2163 | 1 Autoindex | 1 Php Script | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2005-4383 | 1 Citysoft | 1 Community Enterprise | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft Community Enterprise 4.x allows remote attackers to inject arbitrary web script or HTML via the (1) presentationSite, (2) docPublishYear, (3) docDescription, (4) publishState, (5) docAuthor, (6) docTitle, (7) subTopic, (8) topic, (9) topicRadio, (10) topicOnly, (11) startrow, and (12) sortby parameters. | ||||
| CVE-2003-0249 | 1 Php | 1 Php | 2025-04-03 | N/A |
| PHP treats unknown methods such as "PoSt" as a GET request, which could allow attackers to intended access restrictions if PHP is running on a server that passes on all methods, such as Apache httpd 2.0, as demonstrated using a Limit directive. NOTE: this issue has been disputed by the Apache security team, saying "It is by design that PHP allows scripts to process any request method. A script which does not explicitly verify the request method will hence be processed as normal for arbitrary methods. It is therefore expected behaviour that one cannot implement per-method access control using the Apache configuration alone, which is the assumption made in this report. | ||||
| CVE-2005-4396 | 1 Icms Content Management Systems | 1 Icms | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. | ||||
| CVE-2003-0345 | 1 Microsoft | 3 Windows 2000, Windows Nt, Windows Xp | 2025-04-03 | N/A |
| Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required. | ||||
| CVE-2003-0386 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address. | ||||
| CVE-2003-0469 | 1 Microsoft | 7 Windows 2000, Windows 2003 Server, Windows 98 and 4 more | 2025-04-03 | N/A |
| Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long "align" argument in an HR tag. | ||||
| CVE-2005-4410 | 1 Nqcontent | 1 Nqcontent | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. | ||||
| CVE-2005-2162 | 1 Levcgi.com | 1 Myguestbook | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. | ||||
| CVE-2005-2161 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | ||||
| CVE-2005-4418 | 1 Vserver | 1 Util-vserver | 2025-04-03 | N/A |
| util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities. | ||||