Latest CVE Feed
- 5.0 MEDIUM CVE-2005-0655
auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.
- Affected Products: auracms
- EPSS Score: 0.46%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-0541
consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter.
- Affected Products: alterpath_manager
- EPSS Score: 0.74%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-0568
Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.
- Affected Products: soldier_of_fortune_2
- EPSS Score: 5.49%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-1221
SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field.
- Affected Products: ecommpro
- EPSS Score: 0.58%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-1329
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.
- Affected Products: oneworldstore
- EPSS Score: 17.86%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 4.6 MEDIUM CVE-2005-0542
saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true.
- Affected Products: alterpath_manager
- EPSS Score: 0.07%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-1364
Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.
- Affected Products: metabid_auctions
- EPSS Score: 1.04%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 4.3 MEDIUM CVE-2005-1075
Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.
- Affected Products: radbids
- EPSS Score: 0.88%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 6.4 MEDIUM CVE-2005-1086
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
- Affected Products: an-httpd
- EPSS Score: 7.16%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 4.3 MEDIUM CVE-2005-1104
Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields.
- Affected Products: centra
- EPSS Score: 0.30%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 2.6 LOW CVE-2005-0492
Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.
- Affected Products: acrobat_reader
- EPSS Score: 1.79%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-1164
Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.
- Affected Products: yager_game
- EPSS Score: 8.72%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-0332
Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or...
- Affected Products: desknow_mail_and_collaboration_server
- EPSS Score: 1.63%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-1184
The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" pa...
- EPSS Score: 44.26%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-0344
Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
- Affected Products: 602lan_suite
- EPSS Score: 5.11%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-0338
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
- Affected Products: savant_webserver
- EPSS Score: 10.48%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 7.5 HIGH CVE-2005-0825
Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file.
- Affected Products: ltris
- EPSS Score: 1.20%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-0853
betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was l...
- Affected Products: betaparticle_blog
- EPSS Score: 13.24%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-1198
Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.
- Affected Products: foundation_directory
- EPSS Score: 0.21%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025
- 5.0 MEDIUM CVE-2005-0573
Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.
- Affected Products: gaim
- EPSS Score: 0.66%
- Published: May. 02, 2005
- Modified: Apr. 03, 2025