Total
29750 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2997 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | N/A |
| Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php. | ||||
| CVE-2005-2998 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | N/A |
| PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. | ||||
| CVE-2005-2999 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | N/A |
| PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php. | ||||
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. | ||||
| CVE-2005-3001 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | ||||
| CVE-2005-3002 | 1 Xclusive-software | 1 Mccs | 2025-04-03 | N/A |
| Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet. | ||||
| CVE-2005-3003 | 1 Noosoftware | 1 Nootoplist | 2025-04-03 | N/A |
| SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters. | ||||
| CVE-2005-3018 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| Apple Safari allows remote attackers to cause a denial of service (application crash) via a crafted data:// URL. | ||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2025-04-03 | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | ||||
| CVE-2005-3021 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action. | ||||
| CVE-2005-3023 | 1 Jelsoft | 1 Vbulletin | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php. | ||||
| CVE-2005-3045 | 1 My Little Homepage | 1 My Little Forum | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php in My Little Forum 1.5 and 1.6 beta allows remote attackers to execute arbitrary SQL commands via the phrase field. | ||||
| CVE-2005-3049 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | N/A |
| PhpMyFaq 1.5.1 stores data files under the web document root with insufficient access control and predictable filenames, which allows remote attackers to obtain sensitive information via a direct request to the data/tracking[DATE] file. | ||||
| CVE-2005-3050 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-03 | N/A |
| PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information via a LANGCODE parameter that does not exist, which reveals the path in an error message. | ||||
| CVE-2005-3080 | 1 Geshi | 1 Geshi | 2025-04-03 | N/A |
| contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. | ||||
| CVE-2005-3073 | 1 Interchange Development Group | 1 Interchange | 2025-04-03 | N/A |
| Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page. | ||||
| CVE-2005-3074 | 1 Rsyslog | 1 Rsyslogd | 2025-04-03 | N/A |
| SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | ||||
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2025-04-03 | N/A |
| SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-3076 | 1 Simplog | 1 Simplog | 2025-04-03 | N/A |
| Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php. | ||||
| CVE-2005-3078 | 1 Punbb | 1 Punbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. | ||||