Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 329 612

Количество 329 612

nvd логотип

CVE-2005-4347

около 20 лет назад

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4346

около 20 лет назад

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4345

около 20 лет назад

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2005-4344

около 20 лет назад

Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2005-4343

около 20 лет назад

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4342

около 20 лет назад

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4341

около 20 лет назад

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4340

около 20 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4206. Reason: This candidate is a duplicate of CVE-2005-4206. Notes: All CVE users should reference CVE-2005-4206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

EPSS: Низкий
nvd логотип

CVE-2005-4339

около 20 лет назад

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-4338

около 20 лет назад

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2005-4337

около 20 лет назад

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4336

около 20 лет назад

Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-4335

около 20 лет назад

ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2005-4334

около 20 лет назад

SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4333

около 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-4332

около 20 лет назад

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

CVSS2: 9.4
EPSS: Средний
nvd логотип

CVE-2005-4331

около 20 лет назад

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4330

около 20 лет назад

SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4329

около 20 лет назад

SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4328

около 20 лет назад

Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

CVSS2: 4.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2005-4347

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

CVSS2: 5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4346

Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier allows remote attackers to obtain the full path of the application via an invalid permalink parameter to index.php, which produces an invalid SQL query that leaks the full pathname in a SQL syntax error message. NOTE: this was originally claimed to be SQL injection, but a cleansing step strips all non-digit characters and leaves an empty permalink argument, which leads to the syntax error.

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4345

Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password hash of the Administrator in an API call, which allows local developers to obtain the hash and gain privileges.

CVSS2: 7.2
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4344

Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration.

CVSS2: 2.1
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4343

Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 allows remote attackers to attach arbitrary files and send mail via a crafted Subject field, which is not properly handled by the CFMAIL tag in applications that use ColdFusion, aka "CFMAIL injection Vulnerability".

CVSS2: 5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4342

ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to "bypass security controls," aka "JRun Clustered Sandbox Security Vulnerability."

CVSS2: 7.5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4341

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to list all available categories via a blank category_id parameter to category.pl. NOTE: it is not clear whether this information is sensitive or not, so this might not be an exposure.

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4340

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4206. Reason: This candidate is a duplicate of CVE-2005-4206. Notes: All CVE users should reference CVE-2005-4206 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

около 20 лет назад
nvd логотип
CVE-2005-4339

Cross-site scripting (XSS) vulnerability in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to inject arbitrary web script or HTML via the context parameter to announcement.pl, which is reflected in the resulting page.

CVSS2: 4.3
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4338

announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to "admin".

CVSS2: 10
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4337

The login page in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to bypass authentication and gain privileges as other users via a modified user_id parameter and a "/" in the encoded_pw parameter.

CVSS2: 7.5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4336

Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) fwd parameter in admin/adminsignin.html and (2) originalpageid parameter in admin/newpage.html associated with a group.

CVSS2: 4.3
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4335

ProjectForum 4.7.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted pageid parameter to admin/versions.html.

CVSS2: 7.8
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4334

SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp.

CVSS2: 7.5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4333

Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl.

CVSS2: 4.3
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4332

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service or upload files via direct requests to obsolete JSP files including (1) admin/uploadclient.jsp, (2) apply_firmware_action.jsp, and (3) file.jsp.

CVSS2: 9.4
11%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4331

SQL injection vulnerability in merchant.ihtml in iHTML Merchant Version 2 Pro allows remote attackers to execute arbitrary SQL commands via the (1) step, (2) id, and (3) pid parameters.

CVSS2: 7.5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4330

SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall allows remote attackers to execute arbitrary SQL commands via the (1) id, (2) store, and (3) step parameters.

CVSS2: 7.5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4329

SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter.

CVSS2: 7.5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4328

Cross-site scripting (XSS) vulnerability in webglimpse.cgi in Webglimpse 2.14.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

CVSS2: 4.3
3%
Низкий
около 20 лет назад

Уязвимостей на страницу