Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0338 | 1 Savant | 1 Savant Webserver | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request. | |||||
| CVE-2005-0339 | 1 Foxmail | 1 Foxmail Email Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command. | |||||
| CVE-2005-0340 | 1 Apple | 1 Afp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet. | |||||
| CVE-2005-0341 | 1 Apple | 1 Safari | 2017-07-11 | 4.3 MEDIUM | N/A |
| Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks. | |||||
| CVE-2005-0342 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file. | |||||
| CVE-2005-0343 | 1 Logicnow | 1 Perldesk | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter. | |||||
| CVE-2005-0344 | 1 Software602 | 1 602lan Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter. | |||||
| CVE-2005-0345 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 5.0 MEDIUM | N/A |
| viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. | |||||
| CVE-2005-0346 | 1 Safenet | 1 Softremote Vpn Client | 2017-07-11 | 2.1 LOW | N/A |
| SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process. | |||||
| CVE-2005-0347 | 1 Realnetworks | 1 Realarcade | 2017-07-11 | 5.1 MEDIUM | N/A |
| Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow. | |||||
| CVE-2005-0348 | 1 Realnetworks | 1 Realarcade | 2017-07-11 | 2.6 LOW | N/A |
| Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a .. (dot dot) in the FILENAME tag. | |||||
| CVE-2005-0352 | 1 Woodstone | 1 Servers Alive | 2017-07-11 | 7.2 HIGH | N/A |
| Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. | |||||
| CVE-2005-0353 | 1 Safenet | 1 Sentinel License Manager | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093. | |||||
| CVE-2005-0357 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2017-07-11 | 7.5 HIGH | N/A |
| EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. | |||||
| CVE-2005-0358 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2017-07-11 | 7.5 HIGH | N/A |
| EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token. | |||||
| CVE-2005-0368 | 1 Chipmunk Scripts | 1 Cmscore | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php. | |||||
| CVE-2005-0374 | 1 Bitshifters | 1 Bitboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover. | |||||
| CVE-2005-0375 | 1 Sergey Kiselev | 1 Sgallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function. | |||||
| CVE-2005-0376 | 1 Sergey Kiselev | 1 Sgallery | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php. | |||||
| CVE-2005-0377 | 1 Sergey Kiselev | 1 Sgallery | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters. | |||||
| CVE-2005-0378 | 1 Horde | 1 Horde | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. | |||||
| CVE-2005-0379 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a .. (dot dot) in the _zb_path parameter to (1) _head.php or (2) outlogin.php, or the dir parameter to (3) write.php. | |||||
| CVE-2005-0380 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2005-0381 | 1 Forumkit | 1 Forumkit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter. | |||||
| CVE-2005-0382 | 1 Breed | 1 Breed | 2017-07-11 | 5.0 MEDIUM | N/A |
| Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference. | |||||
| CVE-2005-0383 | 1 Trend Micro | 1 Control Manager | 2017-07-11 | 7.5 HIGH | N/A |
| Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password. | |||||
| CVE-2005-0391 | 1 Daniel De Rauglaudre | 1 Geneweb | 2017-07-11 | 5.0 MEDIUM | N/A |
| geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files. | |||||
| CVE-2005-0412 | 1 Spidean | 1 Postwrap | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows remote attackers to inject arbitrary HTML and web script via the page parameter. | |||||
| CVE-2005-0415 | 1 Ulrik Petersen | 1 Emdros Database Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. | |||||
| CVE-2005-0236 | 1 Omnigroup | 1 Omniweb | 2017-07-11 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2005-0234 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | |||||
| CVE-2005-0419 | 1 3com | 1 3cserver | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. | |||||
| CVE-2005-0421 | 1 Delphiturk | 1 Delphiturk Ftp | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. | |||||
| CVE-2005-0422 | 1 Delphiturk | 1 Codebank | 2017-07-11 | 2.1 LOW | N/A |
| DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. | |||||
| CVE-2005-0423 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. | |||||
| CVE-2005-0424 | 1 Aspjar | 1 Aspjar Guestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the delete.asp program in certain versions of ASPjar Guestbook allows remote attackers to delete messages. NOTE: there is insufficient information to know if this is the same issue as CVE-2002-1730. | |||||
| CVE-2005-0427 | 1 Gentoo | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. | |||||
| CVE-2005-0428 | 1 Powerdns | 1 Powerdns | 2017-07-11 | 5.0 MEDIUM | N/A |
| The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes. | |||||
| CVE-2005-0431 | 1 Barracuda Networks | 1 Barracuda Spam Firewall | 2017-07-11 | 7.5 HIGH | N/A |
| Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam. | |||||
| CVE-2005-0435 | 1 Awstats | 1 Awstats | 2017-07-11 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | |||||
| CVE-2005-0436 | 1 Awstats | 1 Awstats | 2017-07-11 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | |||||
| CVE-2005-0438 | 1 Awstats | 1 Awstats | 2017-07-11 | 5.0 MEDIUM | N/A |
| awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | |||||
| CVE-2005-0439 | 1 Stefan Ritt | 1 Elog Web Logbook | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names. | |||||
| CVE-2005-0441 | 1 Sybase | 1 Adaptive Server Enterprise | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement. | |||||
| CVE-2004-2558 | 1 Ibm | 6 Tivoli Access Manager For E-business, Tivoli Access Manager Identity Manager Solution, Tivoli Configuration Manager and 3 more | 2017-07-11 | 7.5 HIGH | N/A |
| Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack." | |||||
| CVE-2005-0442 | 1 Devellion | 1 Cubecart | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter. | |||||
| CVE-2005-0443 | 1 Devellion | 1 Cubecart | 2017-07-11 | 4.3 MEDIUM | N/A |
| index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message. | |||||
| CVE-2005-0445 | 1 Open Webmail | 1 Open Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page. | |||||
| CVE-2005-0467 | 1 Putty | 1 Putty | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) sftp_pkt_getstring and (2) fxp_readdir_recv functions in the PSFTP and PSCP clients for PuTTY 0.56, and possibly earlier versions, allow remote malicious web sites to execute arbitrary code via SFTP responses that corrupt the heap after insufficient memory has been allocated. | |||||
| CVE-2005-0470 | 3 Gentoo, Suse, Wpa Supplicant | 3 Linux, Suse Linux, Wpa Supplicant | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. | |||||
