LiveActive security incident?Get immediate response
CVE archive

September 2005

Browse CVE records published in September 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 313 matching CVEs · Page 3 of 7.

Unknown · CVSS Not scored

CVE-2005-3048: Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary...

Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 allows remote attackers to read arbitrary files or include arbitrary PHP files via a .. (dot dot) in the LANGCODE parameter, which also allows direct code injection via the User Agent field in a request packet, which can be activated by using LANGCODE to reference the user tracking data file.

Published Sep 23, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3024: Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arb...

Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.

Published Sep 21, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3023: Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers t...

Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) announcement.php, (2) admincalendar.php, (3) bbcode.php, (4) cronadmin.php, (5) email.php, (6) faq.php, (7) forum.php, (8) image.php, (9) language.php, (10) ranks.php, (11) replacement.php, (12) replacement.php, (13) template.php, (14) template.php, (15) usergroup.php, or (16) usertitle.php.

Published Sep 21, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3054: fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other dire...

fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.

Published Sep 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-2898: NOTE: this issue has been disputed by the vendor.

NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but in fact a fundamental issue of every single program that can store passwords transparently.

Published Sep 14, 2005 · Updated Aug 7, 2024