Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.
Max CVSS
5.0
EPSS Score
0.13%
Published
2005-02-28
Updated
2008-09-05
Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.
Max CVSS
7.5
EPSS Score
2.27%
Published
2005-02-28
Updated
2008-09-05
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message.
Max CVSS
5.0
EPSS Score
0.45%
Published
2005-02-28
Updated
2016-10-18
Cisco devices running Application and Content Networking System (ACNS) 5.0, 5.1 before 5.1.13.7, or 5.2 before 5.2.3.9 allow remote attackers to cause a denial of service (bandwidth consumption) via "crafted IP packets" that are continuously forwarded.
Max CVSS
5.0
EPSS Score
0.74%
Published
2005-02-24
Updated
2018-10-30
The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets.
Max CVSS
5.0
EPSS Score
1.71%
Published
2005-02-24
Updated
2018-10-30
Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters.
Max CVSS
7.5
EPSS Score
0.23%
Published
2005-02-21
Updated
2016-10-18
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
Max CVSS
7.5
EPSS Score
0.72%
Published
2005-02-22
Updated
2011-03-08
ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519.
Max CVSS
10.0
EPSS Score
1.24%
Published
2005-02-23
Updated
2017-07-11
ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520.
Max CVSS
10.0
EPSS Score
1.24%
Published
2005-02-18
Updated
2017-07-11
The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails.
Max CVSS
7.5
EPSS Score
6.10%
Published
2005-02-23
Updated
2016-10-18
PHP remote file inclusion vulnerability in mail_autocheck.php in the Email This Entry add-on for pMachine Pro 2.4, and possibly other versions including pMachine Free, allows remote attackers to execute arbitrary PHP code by directly requesting mail_autocheck.php and modifying the pm_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2003-1086.
Max CVSS
7.5
EPSS Score
2.73%
Published
2005-02-19
Updated
2016-10-18
PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693.
Max CVSS
7.5
EPSS Score
0.51%
Published
2005-02-21
Updated
2008-09-05

CVE-2005-0511

Public exploit
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
Max CVSS
7.5
EPSS Score
89.06%
Published
2005-02-21
Updated
2016-10-18
Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request.
Max CVSS
5.0
EPSS Score
0.54%
Published
2005-02-18
Updated
2017-07-11
Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries.
Max CVSS
5.0
EPSS Score
0.33%
Published
2005-02-20
Updated
2017-07-11
Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.
Max CVSS
9.8
EPSS Score
1.50%
Published
2005-02-21
Updated
2024-02-13
The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request.
Max CVSS
7.5
EPSS Score
5.40%
Published
2005-02-21
Updated
2017-07-11
Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated.
Max CVSS
7.5
EPSS Score
1.35%
Published
2005-02-21
Updated
2017-07-11
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00 (null) character after the file extension.
Max CVSS
5.0
EPSS Score
0.38%
Published
2005-02-16
Updated
2008-09-05
Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.
Max CVSS
5.0
EPSS Score
19.05%
Published
2005-02-15
Updated
2018-10-30
Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.
Max CVSS
5.0
EPSS Score
0.49%
Published
2005-02-15
Updated
2017-07-11
The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow.
Max CVSS
5.0
EPSS Score
3.42%
Published
2005-02-12
Updated
2016-10-18
Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and earlier allows remote attackers and local users to include arbitrary PHP files via .. (dot dot) sequences in the load parameter.
Max CVSS
7.5
EPSS Score
4.83%
Published
2005-02-14
Updated
2008-09-10
SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and earlier allows remote attackers to inject data via the fields of a CSV file.
Max CVSS
5.0
EPSS Score
0.19%
Published
2005-02-14
Updated
2008-09-10
CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store credit card data, and facilitates the exploitation of other vulnerabilities.
Max CVSS
6.4
EPSS Score
6.07%
Published
2005-02-14
Updated
2008-09-10
65 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!