Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.
Published Oct 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.
Published Oct 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors.
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows local users to cause a denial of service due to a "specific stack size."
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.
Published Oct 26, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Typsoft FTP Server 1.11, with "Sub Directory Include" enabled, allows remote attackers to cause a denial of service (crash) by sending multiple RETR commands. NOTE: it was later reported that 1.10 is also affected.
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.
Published Oct 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie. NOTE: this is not a cross-site scripting (XSS) issue as claimed by the original researcher.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."
Published Oct 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
Published Oct 27, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Published Oct 23, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.
Published Oct 25, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.
Published Oct 27, 2005 · Updated Aug 7, 2024