Количество 331 614
Количество 331 614
CVE-2005-1301
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files.
CVE-2005-1300
Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2005-1299
The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2005-1298
The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2005-1297
Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.
CVE-2005-1296
include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
CVE-2005-1295
include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.
CVE-2005-1294
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
CVE-2005-1293
Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.
CVE-2005-1292
Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.
CVE-2005-1291
Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp.
CVE-2005-1290
Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.
CVE-2005-1289
index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.
CVE-2005-1288
inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.
CVE-2005-1287
Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp.
CVE-2005-1286
Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.
CVE-2005-1285
Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter.
CVE-2005-1284
The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.
CVE-2005-1283
Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367.
CVE-2005-1282
Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2005-1301 nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. | CVSS2: 2.6 | 0% Низкий | почти 21 год назад |
| CVE-2005-1300 Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | CVSS2: 6.8 | 1% Низкий | почти 21 год назад |
| CVE-2005-1299 The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | CVSS2: 10 | 3% Низкий | почти 21 год назад |
| CVE-2005-1298 The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1297 Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. | CVSS2: 6.8 | 1% Низкий | почти 21 год назад |
| CVE-2005-1296 include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1295 include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1294 The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. | CVSS2: 7.2 | 0% Низкий | почти 21 год назад |
| CVE-2005-1293 Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1292 Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp. | CVSS2: 4.3 | 1% Низкий | почти 21 год назад |
| CVE-2005-1291 Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo parameter to searchResults.asp, or (6) the idParentCategory parameter to productCatalogSubCats.asp. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1290 Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php. | CVSS2: 4.3 | 0% Низкий | почти 21 год назад |
| CVE-2005-1289 index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. | CVSS2: 7.5 | 9% Низкий | почти 21 год назад |
| CVE-2005-1288 inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1287 Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp. | CVSS2: 7.5 | 2% Низкий | почти 21 год назад |
| CVE-2005-1286 Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process. | CVSS2: 1.2 | 0% Низкий | почти 21 год назад |
| CVE-2005-1285 Cross-site scripting (XSS) vulnerability in thread.php in WoltLab Burning Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the hilight parameter. | CVSS2: 6.8 | 0% Низкий | почти 21 год назад |
| CVE-2005-1284 The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request. | CVSS2: 7.5 | 1% Низкий | почти 21 год назад |
| CVE-2005-1283 Multiple directory traversal vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote authenticated users to (1) read arbitrary files via the UIDL parameter to the msg script or (2) copy or move the user's .eml file to arbitrary locations via the delete script, a different vulnerability than CVE-2005-0367. | CVSS2: 7.5 | 2% Низкий | почти 21 год назад |
| CVE-2005-1282 Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface. | CVSS2: 4.3 | 0% Низкий | почти 21 год назад |
Уязвимостей на страницу