Full List

Search

Recent Vulnerabilities

• CVE-2005-0911 • published on March 29, 2005 Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php.
• CVE-2005-0912 • published on March 29, 2005 Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, possibly involving elements.rb.
• CVE-2005-0915 • published on March 29, 2005 Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.
• CVE-2005-0936 • published on March 29, 2005 Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.
• CVE-2005-0903 • published on March 29, 2005 Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.
• CVE-2005-0909 • published on March 29, 2005 PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter.
• CVE-2005-0914 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
• CVE-2005-0916 • published on March 29, 2005 AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.
• CVE-2005-0917 • published on March 29, 2005 PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter.
• CVE-2005-0920 • published on March 29, 2005 Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
• CVE-2005-0927 • published on March 29, 2005 Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences.
• CVE-2005-0935 • published on March 29, 2005 Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
• CVE-2005-0895 • published on March 29, 2005 Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets.
• CVE-2005-0897 • published on March 29, 2005 PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.
• CVE-2005-0901 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter.
• CVE-2005-0904 • published on March 29, 2005 Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.
• CVE-2005-0907 • published on March 29, 2005 Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.
• CVE-2005-0924 • published on March 29, 2005 Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows remote attackers to inject arbitrary web script or HTML via a query keyword.
• CVE-2005-0926 • published on March 29, 2005 Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.
• CVE-2005-0928 • published on March 29, 2005 Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.