Vulnerabilities (CVE)

120061 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-2168 1 Frozenplague.net 1 Plague News System 2008-09-05 5.0
delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter.
CVE-2005-2167 1 Frozenplague.net 1 Plague News System 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
CVE-2005-2166 1 Frozenplague.net 1 Plague News System 2008-09-05 5.0
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2005-2165 1 Globalnotescript 1 Globalnotescript 2008-09-05 7.5
read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters.
CVE-2005-2156 1 Phpnews 1 Phpnews 2008-09-05 7.5
SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter.
CVE-2005-2154 1 Osticket 1 Osticket Sts 2008-09-05 7.5
PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter.
CVE-2005-2153 1 Osticket 1 Osticket Sts 2008-09-05 7.5
SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable.
CVE-2005-2152 1 Geeklog 1 Geeklog 2008-09-05 7.5
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article.
CVE-2005-2151 1 Double Precision Incorporated 1 Courier Mail Server 2008-09-05 5.0
spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption.
CVE-2005-2147 1 Edgewall Software 1 Trac 2008-09-05 6.4
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts.
CVE-2005-2146 1 Ssh 1 Tectia Server 2008-09-05 4.6
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server.
CVE-2005-2145 1 Prevx 1 Prevx Pro 2005 2008-09-05 4.6
The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message.
CVE-2005-2144 1 Prevx 1 Prevx Pro 2005 2008-09-05 2.1
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file.
CVE-2005-2143 1 Microsoft 1 Frontpage 2008-09-05 5.0
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page.
CVE-2005-2142 1 Kmint21 Software 1 Golden Ftp Server 2008-09-05 2.1
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command.
CVE-2005-2141 1 Jollybox.de 1 Tcp Chat 2008-09-05 5.0
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow.
CVE-2005-2140 1 Fsboard 1 Fsboard 2008-09-05 5.0
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
CVE-2005-2138 1 Comdev 1 Comdev Ecommerce 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message.
CVE-2005-2137 1 Nateon 1 Nateon Messenger 2008-09-05 5.0
Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors.
CVE-2005-2136 1 Raritan 1 Dominion 2008-09-05 4.6
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute...