Multiple buffer overflows in YaMT before 0.5_2 allow attackers to execute arbitrary code via the (1) rename or (2) sort options.
Max CVSS: 7.5 | EPSS Score: 0.33% | Published: 2005-01-20 | Updated: 2008-09-05
Multiple directory traversal vulnerabilities in YaMT before 0.5_2 allow attackers to overwrite arbitrary files via the (1) rename or (2) sort options.
Max CVSS: 5.0 | EPSS Score: 0.11% | Published: 2005-01-20 | Updated: 2008-09-05
The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.
Max CVSS: 5.0 | EPSS Score: 4.44% | Published: 2005-01-13 | Updated: 2008-09-05
Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows remote attackers to execute arbitrary code via a long RNTO command.
Max CVSS: 7.5 | EPSS Score: 14.24% | Published: 2005-01-22 | Updated: 2017-07-11
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.
Max CVSS: 5.0 | EPSS Score: 1.00% | Published: 2005-01-12 | Updated: 2022-02-28
PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.
Max CVSS: 7.5 | EPSS Score: 2.48% | Published: 2005-01-12 | Updated: 2017-07-11
Multiple cross-site scripting vulnerabilities in MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to login.html, (2) accountid parameter to accountsettings_add.html, or the (3) note, (4) title, and (5) location fields to calendar.html.
Max CVSS: 5.0 | EPSS Score: 2.18% | Published: 2005-01-28 | Updated: 2017-07-11
WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not properly drop CONNECT requests to the localhost from external systems, which could allow remote attackers to bypass intended access restrictions.
Max CVSS: 7.5 | EPSS Score: 5.11% | Published: 2005-01-28 | Updated: 2017-07-11
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
Max CVSS: 7.5 | EPSS Score: 1.58% | Published: 2005-01-27 | Updated: 2017-07-11

CVE-2005-0308

Public exploit
Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name.
Max CVSS: 7.5 | EPSS Score: 83.62% | Published: 2005-01-24 | Updated: 2017-07-11
MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message.
Max CVSS: 5.0 | EPSS Score: 0.45% | Published: 2005-01-25 | Updated: 2017-07-11
Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter.
Max CVSS: 5.0 | EPSS Score: 0.54% | Published: 2005-01-20 | Updated: 2017-07-11
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges.
Max CVSS: 7.5 | EPSS Score: 0.11% | Published: 2005-01-18 | Updated: 2016-10-18
NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the version, via an incorrect login and a modified (1) error or (2) modify parameter that returns template files or the "about" information page.
Max CVSS: 5.0 | EPSS Score: 1.53% | Published: 2005-01-17 | Updated: 2024-03-21
minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter.
Max CVSS: 5.0 | EPSS Score: 1.48% | Published: 2005-01-16 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in index.php in PHP Gift Registry (phpGiftReg) 1.4.0, and possibly other versions before 1.5.0b1, allow remote attackers to execute arbitrary SQL commands via the (1) messageid, (2) shopper, (3) shopfor, or (4) itemid parameters.
Max CVSS: 7.5 | EPSS Score: 1.39% | Published: 2005-01-17 | Updated: 2017-07-11
NETGEAR FVS318 running firmware 2.4, and possibly other versions, allows remote attackers to bypass the filters using hex encoded URLs, as demonstrated using a hex encoded file extension.
Max CVSS: 7.5 | EPSS Score: 0.70% | Published: 2005-01-17 | Updated: 2017-07-11
Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.
Max CVSS: 5.0 | EPSS Score: 0.60% | Published: 2005-01-10 | Updated: 2017-07-11
SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2005-01-10 | Updated: 2017-07-11
Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter.
Max CVSS: 5.0 | EPSS Score: 1.74% | Published: 2005-01-04 | Updated: 2017-07-11
Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message.
Max CVSS: 7.5 | EPSS Score: 10.39% | Published: 2005-01-04 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.
Max CVSS: 7.5 | EPSS Score: 0.24% | Published: 2005-01-03 | Updated: 2017-07-11
Direct code injection vulnerability in FlatNuke 2.5.1 allows remote attackers to execute arbitrary PHP code by placing the code into the url_avatar field.
Max CVSS: 7.5 | EPSS Score: 0.71% | Published: 2005-01-03 | Updated: 2017-07-11
Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic.
Max CVSS: 5.0 | EPSS Score: 0.39% | Published: 2005-01-31 | Updated: 2016-10-18
Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code.
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2005-01-22 | Updated: 2017-07-11
268 vulnerabilities found