Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 328 195

Количество 328 195

nvd логотип

CVE-2005-0324

почти 21 год назад

Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-0323

почти 21 год назад

Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0322

почти 21 год назад

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

CVSS2: 7.2
EPSS: Низкий
nvd логотип

CVE-2005-0321

почти 21 год назад

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2005-0320

около 21 года назад

Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-0319

около 21 года назад

Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0318

около 21 года назад

useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2005-0317

около 21 года назад

Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0316

около 21 года назад

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

CVSS2: 7.5
EPSS: Средний
nvd логотип

CVE-2005-0315

около 21 года назад

The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2005-0314

около 21 года назад

Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0313

около 21 года назад

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-0312

около 21 года назад

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2005-0311

почти 21 год назад

Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2005-0310

почти 21 год назад

Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-0309

около 21 года назад

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0308

около 21 года назад

Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.

CVSS2: 7.5
EPSS: Высокий
nvd логотип

CVE-2005-0307

около 21 года назад

Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-0306

около 21 года назад

MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-0305

почти 21 год назад

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2005-0324

Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

CVSS2: 5
1%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0323

Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS2: 4.3
1%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0322

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

CVSS2: 7.2
0%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0321

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.

CVSS2: 2.1
0%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0320

Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.

CVSS2: 5
3%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0319

Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.

CVSS2: 4.3
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0318

useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.

CVSS2: 2.1
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0317

Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

CVSS2: 4.3
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0316

WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.

CVSS2: 7.5
14%
Средний
около 21 года назад
nvd логотип
CVE-2005-0315

The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify that the IP address in a PORT command is the same as the IP address of the user of the FTP session, which allows remote authenticated users to use the server as an intermediary for port scanning.

CVSS2: 4.6
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0314

Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail Server 4.0 Build 1112 allows remote attackers to inject arbitrary web script or HTML via the personal information fields.

CVSS2: 4.3
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0313

Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.

CVSS2: 7.5
8%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0312

WarFTPD 1.82 RC9, when running as an NT service, allows remote authenticated users to cause a denial of service (access violation) via a CWD command with a crafted pathname, as demonstrated using a large string of "%s" sequences, possibly indicating a format string vulnerability.

CVSS2: 2.1
1%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0311

Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.

CVSS2: 4.6
0%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0310

Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined.

CVSS2: 5
0%
Низкий
почти 21 год назад
nvd логотип
CVE-2005-0309

Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter.

CVSS2: 4.3
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0308

Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.

CVSS2: 7.5
78%
Высокий
около 21 года назад
nvd логотип
CVE-2005-0307

Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6) re parameters.

CVSS2: 4.3
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0306

MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message.

CVSS2: 5
0%
Низкий
около 21 года назад
nvd логотип
CVE-2005-0305

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.

CVSS2: 7.5
9%
Низкий
почти 21 год назад

Уязвимостей на страницу