Vulnerabilities (CVE)

Filter

122577 total CVE
CVE Vendors Products Updated CVSS
CVE-2005-3535 1 Ketm 1 Ketm 2008-09-05 7.5
Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.
CVE-2005-3495 1 Ar-blog 1 Ar-blog 2008-09-05 7.5
Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies.
CVE-2005-3494 1 Ar-blog 1 Ar-blog 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment.
CVE-2005-3480 1 Ringtail 1 Casebook 2008-09-05 5.0
login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.
CVE-2005-3479 1 Ringtail 1 Casebook 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter.
CVE-2005-3477 1 Invision Power Services 1 Invision Gallery 2008-09-05 4.3
Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is...
CVE-2005-3474 1 Sony 1 First4internet Xcp Content Management 2008-09-05 4.6
The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.
CVE-2005-3426 1 Cisco 1 Content Services Switch 11500 2008-09-05 5.0
Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.
CVE-2005-3425 1 Gnu 1 Gnump3d 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.
CVE-2005-3423 1 Subdreamer 1 Subdreamer 2008-09-05 7.5
Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and...
CVE-2005-3397 1 Comersus Open Technologies 2 Comersus Backoffice Plus, Comersus Backoffice Lite 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message...
CVE-2005-3339 1 Mantis 1 Mantis 2008-09-05 7.2
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
CVE-2005-3338 1 Mantis 1 Mantis 2008-09-05 5.0
Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.
CVE-2005-3337 1 Mantis 1 Mantis 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
CVE-2005-3332 1 Belchior Foundry 1 Vcard 2008-09-05 7.5
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter.
CVE-2005-3326 1 Mybulletinboard 1 Mybulletinboard 2008-09-05 7.5
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
CVE-2005-3320 1 Siteturn 1 Domain Manager Pro 2008-09-05 2.6
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
CVE-2005-3302 1 Blender 1 Blender 2008-09-05 7.5
Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.
CVE-2005-3299 1 Phpmyadmin 1 Phpmyadmin 2008-09-05 5.0
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2005-3292 1 Xeobook 1 Xeobook 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 allow remote attackers to inject arbitrary web script or HTML via Javascript events in tages such as <b>.