-
CVE-2005-1289
•
published on April 26, 2005
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
-
CVE-2005-1297
•
published on April 26, 2005
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
-
CVE-2005-1303
•
published on April 26, 2005
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.
-
CVE-2005-1282
•
published on April 26, 2005
Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.
-
CVE-2005-1285
•
published on April 26, 2005
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
-
CVE-2005-1288
•
published on April 26, 2005
inc_login_check.asp in ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.
-
CVE-2005-1291
•
published on April 26, 2005
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
-
CVE-2005-1295
•
published on April 26, 2005
The include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
-
CVE-2005-1296
•
published on April 26, 2005
The include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
-
CVE-2005-1298
•
published on April 26, 2005
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
-
CVE-2005-1300
•
published on April 26, 2005
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
-
CVE-2005-1305
•
published on April 26, 2005
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
-
CVE-2005-1286
•
published on April 26, 2005
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
-
CVE-2005-1290
•
published on April 26, 2005
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
-
CVE-2005-1293
•
published on April 26, 2005
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
-
CVE-2005-1301
•
published on April 26, 2005
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
-
CVE-2005-1304
•
published on April 26, 2005
The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument.
-
CVE-2005-1278
•
published on April 26, 2005
The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.
-
CVE-2005-1279
•
published on April 26, 2005
tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.
-
CVE-2005-1284
•
published on April 26, 2005
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.