Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3719 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-18 | 4.6 MEDIUM | N/A |
| Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator password of "0000", which allows attackers with physical access to obtain sensitive information and modify the phone's configuration. | |||||
| CVE-2005-3584 | 1 Phpwebthings | 1 Phpwebthings | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings 1.4.4 allows remote attackers to inject arbitrary web script or HTML via the forum parameter. | |||||
| CVE-2005-3592 | 1 Cutephp | 1 Cutenews | 2016-10-18 | 5.0 MEDIUM | N/A |
| index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain the path of the installation path of the application by triggering an error message, such as by entering multiple ../ (dot dot slash) in the archive parameter. | |||||
| CVE-2005-3681 | 1 Xoops | 1 Wf-downloads | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter. | |||||
| CVE-2005-3586 | 1 Mambo | 1 Mambo | 2016-10-18 | 5.0 MEDIUM | N/A |
| content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to obtain the installation path of the application via a URL that causes the application to return an error. | |||||
| CVE-2005-3721 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-18 | 5.0 MEDIUM | N/A |
| The default configuration of the HTTP server in Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not require authentication for sensitive configuration pages, which allows remote attackers to modify configuration. | |||||
| CVE-2005-3722 | 1 Hitachi | 1 Ip5000 Voip Wifi Phone | 2016-10-18 | 7.5 HIGH | N/A |
| The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows remote attackers to gain read or write access to system configuration using arbitrary SNMP credentials. | |||||
| CVE-2005-3489 | 1 Asus | 1 Video Security Online | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string. | |||||
| CVE-2005-3490 | 1 Asus | 1 Video Security Online | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL. | |||||
| CVE-2005-3513 | 1 Vubb | 1 Vubb | 2016-10-18 | 5.0 MEDIUM | N/A |
| index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote ('). | |||||
| CVE-2005-3420 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement. | |||||
| CVE-2005-3405 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-18 | 7.5 HIGH | N/A |
| ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability. | |||||
| CVE-2005-3418 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables. | |||||
| CVE-2005-3386 | 1 Techno Dreams | 1 Web Directory | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2005-3381 | 1 Ukranian National Antivirus | 1 Una | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3502 | 1 Cerberus | 1 Cerberus Helpdesk | 2016-10-18 | 5.0 MEDIUM | N/A |
| attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter. | |||||
| CVE-2005-3382 | 1 Sophos | 1 Sophos Anti-virus | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3400 | 1 Fortinet | 1 Fortinet | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3401 | 1 Thehacker | 1 Thehacker | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3493 | 1 Afsl Games | 1 Battle Carry | 2016-10-18 | 5.0 MEDIUM | N/A |
| Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port. | |||||
| CVE-2005-3385 | 1 Techno Dreams | 1 Mailing List | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2005-3404 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php. | |||||
| CVE-2005-3416 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail. | |||||
| CVE-2005-3417 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables. | |||||
| CVE-2005-3383 | 1 Techno Dreams | 1 Announcement Script | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2005-3384 | 1 Techno Dreams | 1 Techno Dreams Guest Book | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp. | |||||
| CVE-2005-3419 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized. | |||||
| CVE-2005-3402 | 1 Mozilla | 1 Thunderbird | 2016-10-18 | 2.6 LOW | N/A |
| The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication. | |||||
| CVE-2005-3399 | 1 Cat | 1 Quick Heal | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3432 | 1 Thomas Rybak | 1 Minigal 2 | 2016-10-18 | 5.0 MEDIUM | N/A |
| MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all. | |||||
| CVE-2005-3433 | 1 Mirabilis | 1 Icq | 2016-10-18 | 5.1 MEDIUM | N/A |
| Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields. | |||||
| CVE-2005-3403 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php. | |||||
| CVE-2005-3486 | 1 Scorched 3d | 1 Scorched 3d | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors. | |||||
| CVE-2005-3487 | 1 Scorched 3d | 1 Scorched 3d | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors. | |||||
| CVE-2005-3484 | 1 Nero | 1 Neronet | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences. | |||||
| CVE-2005-3512 | 1 Vubb | 1 Vubb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action. | |||||
| CVE-2005-3488 | 1 Scorched 3d | 1 Scorched 3d | 2016-10-18 | 7.8 HIGH | N/A |
| Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp. | |||||
| CVE-2005-3375 | 1 Ikarus | 1 Ikarus Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3306 | 1 Flatnuke | 1 Flatnuke | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814. NOTE: it is possible that this XSS is a resultant vulnerability of CVE-2005-3307. | |||||
| CVE-2005-3370 | 1 Arcavir | 1 Arcavir 2005 | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3329 | 1 Rsa | 1 Authentication Agent For Web | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. | |||||
| CVE-2005-3230 | 1 Panda | 1 Activescan | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Panda Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3231 | 1 Cat | 1 Quick Heal | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of CAT Quick Heal allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3232 | 1 Thehacker | 1 Thehacker | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of TheHacker allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3233 | 1 Trustix | 1 Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2005-3328 | 1 Punbb | 1 Punbb | 2016-10-18 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. | |||||
| CVE-2005-3364 | 1 Platinum | 1 Dboardgear | 2016-10-18 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php. | |||||
| CVE-2005-3371 | 1 Grisoft | 1 Avg Antivirus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3376 | 1 Kaspersky Lab | 1 Kaspersky Anti-virus | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||
| CVE-2005-3380 | 1 Panda | 1 Titanium 2005 | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug." | |||||