Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3368 | 1 Search Enhanced | 1 Search Enhanced | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2005-2967 | 1 Xine | 1 Xine-lib | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD. | |||||
| CVE-2005-3675 | 1 Tcp | 1 Tcp | 2017-07-11 | 7.8 HIGH | N/A |
| The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by sending ACK messages for packets that have not yet been received (optimistic ACKs), which can cause the sender to increase its transmission rate until it fills available bandwidth. | |||||
| CVE-2005-3331 | 1 Rogers Software Source | 1 Mgdiff Patch Viewer | 2017-07-11 | 2.1 LOW | N/A |
| viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-3429 | 1 Rockliffe | 1 Mailsite Express | 2017-07-11 | 4.3 MEDIUM | N/A |
| Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities. | |||||
| CVE-2005-3333 | 1 Ebase | 1 Ebaseweb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | |||||
| CVE-2005-3341 | 1 Dhis Tools | 1 Dns Package | 2017-07-11 | 2.1 LOW | N/A |
| DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh. | |||||
| CVE-2005-3522 | 1 Adventnet | 1 Manageengine Netflow Analyzer | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter. | |||||
| CVE-2005-3343 | 1 Tkdiff | 1 Tkdiff | 2017-07-11 | 4.6 MEDIUM | N/A |
| tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-3661 | 1 Dell | 1 Truemobile 2300 Wireless Broadband Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| Dell TrueMobile 2300 Wireless Broadband Router running firmware 3.0.0.8 and 5.1.1.6, and possibly other versions, allows remote attackers to reset authentication credentials, then change configuration or firmware, via a direct request to apply.cgi with the Page parameter set to adv_password.asp. | |||||
| CVE-2005-3560 | 1 Zonelabs | 4 Zonealarm, Zonealarm Anti-spyware, Zonealarm Antivirus and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite 6.0, (3) ZoneAlarm Anti-Virus 6.0, (4) ZoneAlarm Anti-Spyware 6.0 through 6.1, and (5) ZoneAlarm 6.0 allow remote attackers to bypass the "Advanced Program Control and OS Firewall filters" setting via URLs in "HTML Modal Dialogs" (window.location.href) contained within JavaScript tags. | |||||
| CVE-2005-3633 | 1 Sap | 1 Sap Web Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| HTTP response splitting vulnerability in frameset.htm in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to inject arbitrary HTML headers via the sap-exiturl parameter. | |||||
| CVE-2005-3427 | 1 Cisco | 1 Ciscoworks Management Center For Ips Sensors | 2017-07-11 | 2.1 LOW | N/A |
| The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection. | |||||
| CVE-2005-3344 | 1 Horde | 1 Horde | 2017-07-11 | 10.0 HIGH | N/A |
| The default installation of Horde 3.0.4 contains an administrative account with a blank password, which allows remote attackers to gain access. | |||||
| CVE-2005-2804 | 1 Novell | 1 Groupwise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key. | |||||
| CVE-2005-2865 | 1 Amember | 1 Amember | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in aMember Pro 2.3.4 allow remote attackers to execute arbitrary PHP code via the config[root_dir] parameter to (1) mysql.inc.php, (2) efsnet.inc.php, (3) theinternetcommerce.inc.php, (4) cdg.inc.php, (5) compuworld.inc.php, (6) directone.inc.php, (7) authorize_aim.inc.php, (8) beanstream.inc.php, (9) config.inc.php, (10) eprocessingnetwork.inc.php, (11) eway.inc.php, (12) linkpoint.inc.php, (13) logiccommerce.inc.php, (14) netbilling.inc.php, (15) payflow_pro.inc.php, (16) paymentsgateway.inc.php, (17) payos.inc.php, (18) payready.inc.php, or (19) plugnplay.inc.php. | |||||
| CVE-2005-2855 | 1 Unclassified Newsboard | 1 Unclassified Newsboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the description field. | |||||
| CVE-2005-3345 | 1 Rssh | 1 Rssh | 2017-07-11 | 7.2 HIGH | N/A |
| rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. | |||||
| CVE-2005-3415 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable. | |||||
| CVE-2005-2947 | 1 Killprocess | 1 Killprocess | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in KillProcess 2.20 and earlier allows user-assisted attackers to execute arbitrary code via an exe file with a long FileDescription in the version resource. | |||||
| CVE-2005-2934 | 1 Sco | 1 Unixware | 2017-07-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. | |||||
| CVE-2005-2961 | 1 Prozilla | 1 Prozilla Download Accelerator | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag. | |||||
| CVE-2005-2920 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. | |||||
| CVE-2005-3414 | 1 Eyeos Project | 1 Eyeos | 2017-07-11 | 7.5 HIGH | N/A |
| eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. | |||||
| CVE-2005-3413 | 1 Eyeos Project | 1 Eyeos | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter. | |||||
| CVE-2005-2960 | 2 Debian, Gnu | 2 Debian Linux, Cfengine | 2017-07-11 | 2.1 LOW | N/A |
| cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. | |||||
| CVE-2005-2902 | 1 Class-1 | 1 Class-1 Forum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in class-1 Forum Software 0.24.4 allows remote attackers to execute arbitrary SQL commands and bypass the file extension check via SQL code in the file extension of an uploaded file. | |||||
| CVE-2005-3278 | 1 Jan Kybic | 1 Bitmap Viewer | 2017-07-11 | 7.2 HIGH | N/A |
| Integer overflow in the openpsfile function in gsinterf.c for Jan Kybic BitMap Viewer (BMV) 1.2 allows local users to execute arbitrary code via a PostScript (PS) file containing a large number of pages value, which leads to a resultant buffer overflow. | |||||
| CVE-2005-3293 | 1 Xerver | 1 Xerver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xerver 4.17 allows remote attackers to (1) obtain source code of scripts via a request with a trailing "." (dot) or (2) list directory contents via a trailing null character. | |||||
| CVE-2005-3346 | 1 Osh | 1 Osh | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv function call. | |||||
| CVE-2005-2895 | 1 Pblang | 1 Pblang | 2017-07-11 | 5.0 MEDIUM | N/A |
| setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to obtain sensitive information via a %00 (a null byte) in the u parameter, which reveals the path in an error message. | |||||
| CVE-2005-2896 | 1 Stylemotion | 1 Web News | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php. | |||||
| CVE-2005-3369 | 1 Woltlab | 1 Burning Board | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters. | |||||
| CVE-2005-3701 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. | |||||
| CVE-2005-3297 | 1 Suse | 1 Suse Linux | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-3298 | 1 Suse | 1 Suse Linux | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote attackers to execute arbitrary code via unknown vectors. | |||||
| CVE-2005-2848 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. | |||||
| CVE-2005-2952 | 1 Subscribe Me Pro | 1 Subscribe Me Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in s.pl in Subscribe Me Pro 2.044.09P and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the l parameter. | |||||
| CVE-2005-3300 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme. | |||||
| CVE-2005-2903 | 1 Eset Software | 1 Nod32 Antivirus | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build 1127, with active scanning enabled, allows remote attackers to execute arbitrary code via an ARJ archive containing a file with a long filename. | |||||
| CVE-2005-3304 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module. | |||||
| CVE-2005-3305 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file. | |||||
| CVE-2005-3524 | 1 Linux-ftpd-ssl | 1 Linux-ftpd-ssl | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command. | |||||
| CVE-2005-2894 | 1 Pblang | 1 Pblang | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the user registration in PBLang 4.65, and possibly earlier versions, allows remote attackers to inject arbitrary web script or PHP via the location field. | |||||
| CVE-2005-3026 | 1 Alstrasoft | 1 Epay | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. | |||||
| CVE-2005-3308 | 1 Zomplog | 1 Zomplog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php. | |||||
| CVE-2005-3408 | 1 Greg Neustaetter | 1 Gcards | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter. | |||||
| CVE-2005-3811 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in admin/main.php in AMAX Magic Winmail Server 4.2 (build 0824) and earlier allows remote attackers to overwrite arbitrary files with session information via the sid parameter. | |||||
| CVE-2005-3407 | 1 Butterfat | 1 Phpesp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-2893 | 1 Pblang | 1 Pblang | 2017-07-11 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in setcookie.php in PBLang 4.65, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code via the username (u parameter), which is directly injected into a file that is later executed upon login. | |||||
