Latest CVE Feed
-
4.3
MEDIUMCVE-2005-1877
Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel 1.59 and earlier allows remote attackers to inject arbitrary web script or HTML and obtain sensitive information via the pid parameter.... Read more
Affected Products : lpanel- EPSS Score: %0.36
- Published: Jun. 06, 2005
- Modified: Apr. 03, 2025
-
5.5
MEDIUMCVE-2005-1880
everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.... Read more
Affected Products : everybuddy- EPSS Score: %0.20
- Published: Jun. 06, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-1885
view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to obtain sensitive information via a phid parameter that is not an integer, which reveals the path in an error message.... Read more
Affected Products : yapig- EPSS Score: %0.52
- Published: Jun. 06, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1881
upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict the file extension for uploaded image files, which allows remote attackers to upload arbitrary files and execute arbitrary PHP code.... Read more
Affected Products : yapig- EPSS Score: %6.75
- Published: Jun. 06, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-1888
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.... Read more
Affected Products : mediawiki- EPSS Score: %0.36
- Published: Jun. 06, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1910
SQL injection vulnerability in login.asp for WWWeb Concepts Events System 1.0 allows remote attackers to execute arbitrary SQL commands via the password.... Read more
Affected Products : events_system- EPSS Score: %0.69
- Published: Jun. 05, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1872
Buffer overflow in the administrative console in IBM WebSphere Application Server 5.x, when the global security option is enabled, allows remote attackers to execute arbitrary code.... Read more
Affected Products : websphere_application_server- EPSS Score: %5.18
- Published: Jun. 03, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-1858
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.... Read more
Affected Products : fuse- EPSS Score: %0.18
- Published: Jun. 03, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1839
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.asp or (2) print.asp or (3) edit parameter to register.asp.... Read more
Affected Products : liberum_help_desk- EPSS Score: %0.58
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-1838
Multiple cross-site scripting vulnerabilities in castnewPost.asp in Liberum Help Desk 0.97.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Email, (2) Title, or (3) Description fields.... Read more
Affected Products : liberum_help_desk- EPSS Score: %0.35
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1875
Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.... Read more
Affected Products : exhibit_engine- EPSS Score: %0.73
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1824
The sql_escape_string function in auth/sql.c for the mailutils SQL authentication module does not properly quote the "\" (backslash) character, which is used as an escape character and makes the module vulnerable to SQL injection attacks.... Read more
Affected Products : mailutils- EPSS Score: %1.24
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2005-1903
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.... Read more
Affected Products : spa-pro_mail_atsolomon- EPSS Score: %3.29
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1906
SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement ... Read more
Affected Products : livingmailing- EPSS Score: %0.49
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-1840
Directory traversal vulnerability in class.layout_phpcms.php in phpCMS 1.2.x before 1.2.1pl2 allows remote attackers to read or include arbitrary files, as demonstrated using a .. (dot dot) in the language parameter to parser.php.... Read more
Affected Products : phpcms- EPSS Score: %1.14
- Published: Jun. 02, 2005
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2005-1794
Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 stores an RSA private key in mstlsapi.dll and uses it to sign a certificate, which allows remote attackers to spoof public keys of legitimate servers and conduct man-in-the-middle attacks.... Read more
- EPSS Score: %9.69
- Published: Jun. 01, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1788
SQL injection vulnerability in resellerresources.asp in Hosting Controller 6.1 Hotfix 2.0 allows remote attackers to execute arbitrary SQL commands via the jresourceid parameter.... Read more
Affected Products : hosting_controller- EPSS Score: %0.29
- Published: Jun. 01, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2005-1823
Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam X-Cart 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) cat or (2) printable parameter to home.php, (3) productid or (4) mode parameter to product.php, (5) id ... Read more
Affected Products : x-cart- EPSS Score: %0.46
- Published: Jun. 01, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2005-1809
Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push.... Read more
- EPSS Score: %1.04
- Published: Jun. 01, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $cat_ID variable, as demonstrated using the cat parameter to index.php.... Read more
Affected Products : wordpress- EPSS Score: %1.64
- Published: Jun. 01, 2005
- Modified: Apr. 03, 2025