7187 matches found

NVD
added 2005/12/28 11:3 a.m., 10 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

CVSS 6.5, AI score 6.3, EPSS 0.11946
Exploits: 1, References: 10

CVE
added 2005/12/28 11:0 a.m., 54 views

CVE-2005-4558

CVE-2005-4558 affects IceWarp Web Mail 5.5.1 (used by Merak Mail Server 8.3.0r and VisNetic Mail Server 8.3.0 build 1). The issue arises in mail/index.html where the language parameter lang_settings is not properly restricted before storage in the database, allowing remote authenticated users to ...

CVSS 6.5, AI score 6.4, EPSS 0.11946
Exploits: 1, References: 10, Affected Software: 3

Cvelist
added 2005/12/28 11:0 a.m., 15 views

CVE-2005-4558

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include...

AI score 6.3, EPSS 0.11946
Exploits: 1, References: 10

exploitpack
added 2005/12/27 12:0 a.m., 14 views

IceWarp Universal WebMail - mailinclude.html Crafted HTTP_USER_AGENT Arbitrary File Access

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp...

AI score 0.6
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 13 views

IceWarp Universal WebMail - adminincinclude.php Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal...

AI score 0.2
Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 7 views

IceWarp Universal WebMail - dirinclude.html?lang Local File Inclusion

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into...

Exploits: 0

exploitpack
added 2005/12/27 12:0 a.m., 11 views

IceWarp Universal WebMail - mailsettings.html?Language Local File Inclusion

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMai...

AI score 0.1
Exploits: 0

Exploit DB
added 2005/12/27 12:0 a.m., 23 views

IceWarp Universal WebMail - '/accounts/inc/include.php' Multiple Remote File Inclusions

source: https://www.securityfocus.com/bid/16069/info IceWarp Universal WebMail is prone to multiple input-validation vulnerabilities. Deerfield VisNetic Mail Server and Merak Mail Server integrate IceWarp Universal WebMail into their suites. An attacker can exploit these issues to include arbitra...

AI score 7.4
Exploits: 0

Exploit DB
added 2005/12/21 12:0 a.m., 22 views

Tolva 0.1 - 'Usermods.php' Remote File Inclusion

source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the webserver process. This may help the attacker...

AI score 7
Exploits: 0

exploitpack
added 2005/12/21 12:0 a.m., 10 views

Tolva 0.1 - Usermods.php Remote File Inclusion

source: https://www.securityfocus.com/bid/16000/info Tolva is prone to a remote file-include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the...

AI score 7.5
Exploits: 0

Cvelist
added 2005/12/20 11:0 a.m., 17 views

CVE-2005-4424

Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might allow remote authenticated users to execute arbitrary PHP code via a .. (dot dot) in the path parameter and a %00 at the end of the filename, as demonstrated by an avatar filename ending with .png%00...

AI score 7.2, EPSS 0.01703
Exploits: 0, References: 7

Exploit DB
added 2005/12/20 12:0 a.m., 24 views

Plogger Beta 2 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server process. This may facilitate a...

AI score 7.4
Exploits: 0

exploitpack
added 2005/12/20 12:0 a.m., 12 views

Plogger Beta 2 - Remote File Inclusion

source: https://www.securityfocus.com/bid/15992/info Plogger is prone to a remote file include vulnerability. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the context of the Web server...

AI score 0.2
Exploits: 0

exploitpack
added 2005/12/13 12:0 a.m., 224 views

PHPCOIN 1.2.2 - includesdb.php?$_CCFG[_PKG_PATH_DBSE] Traversal Arbitrary File Access

source: https://www.securityfocus.com/bid/15831/info PhpCOIN is prone to a file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploi...

AI score 0.3
Exploits: 0

Cvelist
added 2005/12/11 9:0 p.m., 13 views

CVE-2005-4171

The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension that contains a GIF header, which passes the image validity check but executes any PHP...

AI score 7.6, EPSS 0.07795
Exploits: 1, References: 7

NVD
added 2005/12/08 11:3 a.m., 10 views

CVE-2005-4087

PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management SugarCRM 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter...

CVSS 7.5, AI score 7.5, EPSS 0.03245
Exploits: 1, References: 4

UbuntuCve
added 2005/12/06 11:3 a.m., 23 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVSS 7.5, AI score 6.2, EPSS 0.01655
Exploits: 0, References: 1

CVE
added 2005/12/06 11:0 a.m., 52 views

CVE-2005-4031

MediaWiki 1.5.x is affected by an Eval injection vulnerability before 1.5.3 that allows remote attackers to execute arbitrary PHP code via the user language option, which is used to form a dynamic class name processed by eval. Root cause: improper handling of user-supplied language selection lead...

CVSS 7.5, AI score 7.7, EPSS 0.01655
Exploits: 0, References: 5, Affected Software: 1

Cvelist
added 2005/12/06 11:0 a.m., 15 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

AI score 7.6, EPSS 0.01655
Exploits: 0, References: 5

Debian CVE
added 2005/12/06 11:0 a.m., 26 views

CVE-2005-4031

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed using the eval function...

CVSS 7.5, AI score 7.7, EPSS 0.01655
Exploits: 0