Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0474 | 1 Webcalendar | 1 Webcalendar | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie. | |||||
| CVE-2005-0475 | 1 Php Arena | 1 Pafaq | 2017-07-11 | 6.4 MEDIUM | N/A |
| SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php. | |||||
| CVE-2005-0476 | 1 Hpm Guestbook.cgi | 1 Hpm Guestbook.cgi | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message. | |||||
| CVE-2005-0625 | 1 Debian | 1 Reportbug | 2017-07-11 | 2.1 LOW | N/A |
| reportbug 3.2 includes settings from .reportbugrc in bug reports, which exposes sensitive information such as smtpuser and smtppasswd. | |||||
| CVE-2005-0478 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script. | |||||
| CVE-2005-0479 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam 5.12 and earlier allows remote attackers to read arbitrary files via ".." sequences and (1) "/" slash), (2) "\" (backslash), or (3) hex-encoded characters in the fn parameter. | |||||
| CVE-2005-0480 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and earlier allows remote attackers to inject arbitrary HTML or web script via the login request, which is recorded in a log file but not properly handled when the administrator views the log file. | |||||
| CVE-2005-0481 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to read log files via the fn parameter in a direct request to the ComGetLogFile.php3 script. | |||||
| CVE-2005-0482 | 1 Trackercam | 1 Trackercam | 2017-07-11 | 5.0 MEDIUM | N/A |
| TrackerCam 5.12 and earlier allows remote attackers to cause a denial of service (crash) via (1) a large number of connections with a negative Content-Length header, possibly triggering an integer signedness error, or (2) a large amount of data. | |||||
| CVE-2005-0483 | 1 Glftpd | 1 Glftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command. | |||||
| CVE-2005-0486 | 1 Tarantella | 2 Secure Global Desktop, Tarantella Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme. | |||||
| CVE-2005-0624 | 1 Debian | 1 Reportbug | 2017-07-11 | 2.1 LOW | N/A |
| reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords. | |||||
| CVE-2005-0487 | 1 Kayako | 1 Esupport | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter. | |||||
| CVE-2005-0491 | 1 Knox Software | 1 Arkeia Server Backup | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request. | |||||
| CVE-2005-0494 | 1 Thomson | 1 Thomson Cable Modem | 2017-07-11 | 7.5 HIGH | N/A |
| The RgSecurity form in the HTTP server for the Thomson TCW690 cable modem running firmware 2.1 and software ST42.03.0a does not properly validate the password before performing changes, which allows remote attackers on the LAN to gain access via a direct POST request. | |||||
| CVE-2005-0495 | 1 Zeroboard | 1 Zeroboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php. | |||||
| CVE-2005-0496 | 1 Knox Software | 1 Arkeia | 2017-07-11 | 7.5 HIGH | N/A |
| Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands. | |||||
| CVE-2005-0497 | 1 Adp | 1 Elite System Max 9000 | 2017-07-11 | 7.2 HIGH | N/A |
| ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory. | |||||
| CVE-2005-0498 | 1 Gigafast Ethernet | 1 Gigafast Router | 2017-07-11 | 7.5 HIGH | N/A |
| Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext. | |||||
| CVE-2005-0499 | 1 Gigafast Ethernet | 1 Gigafast Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gigafast router (aka CompUSA router) with the DNS proxy option enabled allows remote attackers to cause a denial of service via malformed DNS queries. | |||||
| CVE-2005-0502 | 1 Xinkaa Web Station | 1 Xinkaa Web Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows remote attackers to read arbitrary files via (1) ../ and (2) ..\ characters in an HTTP request. | |||||
| CVE-2005-0782 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. | |||||
| CVE-2005-0817 | 1 Symantec | 4 Enterprise Firewall, Gateway Security 5300, Gateway Security 5400 and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites. | |||||
| CVE-2005-0519 | 1 Argosoft | 1 Ftp Server | 2017-07-11 | 10.0 HIGH | N/A |
| ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read arbitrary files by uploading a ZIP file containing a shortcut (.LNK) file, using SITE UNZIP to extract the .LNK file onto the server, then accessing the file, a different vulnerability than CVE-2005-0520. | |||||
| CVE-2005-0520 | 1 Argosoft | 1 Ftp Server | 2017-07-11 | 10.0 HIGH | N/A |
| ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read arbitrary files via shortcut (.LNK) files in the SITE COPY command, a different vulnerability than CVE-2005-0519. | |||||
| CVE-2005-0565 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 7.5 HIGH | N/A |
| The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension. | |||||
| CVE-2005-0569 | 1 Punbb | 1 Punbb | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php. | |||||
| CVE-2005-0570 | 1 Punbb | 1 Punbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL. | |||||
| CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | |||||
| CVE-2005-0571 | 1 Punbb | 1 Punbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. | |||||
| CVE-2005-0572 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message. | |||||
| CVE-2005-0818 | 1 Punbb | 1 Punbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters. | |||||
| CVE-2005-0599 | 1 Cisco | 1 Application And Content Networking Software | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets. | |||||
| CVE-2005-0601 | 1 Cisco | 1 Application And Content Networking Software | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain access. | |||||
| CVE-2005-0606 | 1 Devellion | 1 Cubecart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters. | |||||
| CVE-2005-0019 | 1 Yongguang Zhang | 1 Hztty | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | |||||
| CVE-2005-0607 | 1 Devellion | 1 Cubecart | 2017-07-11 | 5.0 MEDIUM | N/A |
| CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0016 | 1 Gatos | 1 Gatos | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code. | |||||
| CVE-2005-0015 | 1 Crosswire Bible Society | 1 Sword | 2017-07-11 | 7.5 HIGH | N/A |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2005-0020 | 2 Mandrakesoft, Playmidi | 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. | |||||
| CVE-2005-0023 | 1 Gnome | 2 Libvte4, Libzvt2 | 2017-07-11 | 2.1 LOW | N/A |
| gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. | |||||
| CVE-2005-0033 | 1 Isc | 1 Bind | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | |||||
| CVE-2005-0034 | 1 Isc | 1 Bind | 2017-07-11 | 4.3 MEDIUM | N/A |
| An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | |||||
| CVE-2005-0043 | 1 Apple | 1 Itunes | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | |||||
| CVE-2005-0071 | 1 Vdr | 1 Vdr | 2017-07-11 | 5.0 MEDIUM | N/A |
| vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files. | |||||
| CVE-2005-0072 | 1 Ejoy And Hu Yong | 1 Zhcon | 2017-07-11 | 2.1 LOW | N/A |
| zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files. | |||||
| CVE-2005-0076 | 1 Debian | 1 Debian Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. | |||||
| CVE-2005-0079 | 1 Xtrlock | 1 Xtrlock | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session. | |||||
| CVE-2005-0012 | 1 Dillo | 1 Dillo Web Browser | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page. | |||||
| CVE-2005-0083 | 1 Mysql | 1 Maxdb | 2017-07-11 | 5.0 MEDIUM | N/A |
| MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. | |||||