|
355641
|
- |
|
gianluca_baldo
|
phpauction
|
Directory traversal vulnerability in PhpAuction 2.5 allows remote attackers to read arbitrary files, include local PHP files, or obtain sensitive path information via ".." sequences in the lan param…
|
NVD-CWE-Other
|
CVE-2005-2255
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355642
|
- |
|
phppgadmin
|
phppgadmin
|
Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 allows remote attackers to access arbitrary files via "%2e%2e%2f" (encoded dot dot) sequences in the formLanguage parameter.
|
NVD-CWE-Other
|
CVE-2005-2256
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355643
|
- |
|
squitosoft
|
squito_gallery
|
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
|
NVD-CWE-Other
|
CVE-2005-2258
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355644
|
- |
|
usanet_creations
|
domain_name_auction
makebid_auction_deluxe
makebid_auction_standard
makebid_reverse_auction
standard_classified_ads
usanet_shopping_mall
|
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Soft…
|
NVD-CWE-Other
|
CVE-2005-2259
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355645
|
- |
|
alexander_clauss
|
icab
|
iCab 2.9.8 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing att…
|
NVD-CWE-Other
|
CVE-2005-2271
|
2008-09-6 05:51 |
2005-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355646
|
- |
|
esi_products
|
webeoc
|
Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before 6.0.2 allow remote attackers to inject arbitrary web script and HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2005-2282
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355647
|
- |
|
esi_products
|
webeoc
|
WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a larg…
|
NVD-CWE-Other
|
CVE-2005-2283
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355648
|
- |
|
esi_products
|
webeoc
|
Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2005-2284
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355649
|
- |
|
esi_products
|
webeoc
|
WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remote attackers to obtain information such as Usernames, Passwords, Emerg…
|
NVD-CWE-Other
|
CVE-2005-2285
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
355650
|
- |
|
esi_products
|
webeoc
|
WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.
|
NVD-CWE-Other
|
CVE-2005-2286
|
2008-09-6 05:51 |
2005-07-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
