|
347621
|
- |
|
active_web_softwares
|
active_auction_house
|
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) ite…
|
NVD-CWE-Other
|
CVE-2005-1029
|
2017-07-11 10:32 |
2005-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347622
|
- |
|
active_web_softwares
|
active_auction_house
|
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, …
|
NVD-CWE-Other
|
CVE-2005-1030
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347623
|
- |
|
e-xoops
runcms
|
e-xoops
runcms
|
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbi…
|
NVD-CWE-Other
|
CVE-2005-1031
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347624
|
- |
|
netwin
|
surgeftp
|
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.
|
NVD-CWE-Other
|
CVE-2005-1034
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347625
|
- |
|
centrinity
|
centrinity_firstclass_desktop_client
|
OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a …
|
NVD-CWE-Other
|
CVE-2005-1045
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347626
|
- |
|
postnuke_software_foundation
|
postnuke
|
SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter. NOTE: the vendor reports that they could not repro…
|
NVD-CWE-Other
|
CVE-2005-1048
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347627
|
- |
|
postnuke_software_foundation
|
postnuke
|
Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user…
|
NVD-CWE-Other
|
CVE-2005-1049
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347628
|
- |
|
postnuke_software_foundation
|
postnuke
|
The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.
|
NVD-CWE-Other
|
CVE-2005-1050
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347629
|
- |
|
microsoft
|
outlook
outlook_web_access
|
Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail a…
|
NVD-CWE-Other
|
CVE-2005-1052
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347630
|
- |
|
moderngigabyte
|
modernbill
|
Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid paramet…
|
NVD-CWE-Other
|
CVE-2005-1053
|
2017-07-11 10:32 |
2005-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
