Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0573 | 1 Rob Flynn | 1 Gaim | 2016-10-18 | 5.0 MEDIUM | N/A |
| Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. | |||||
| CVE-2005-0540 | 1 Cyclades | 1 Alterpath Manager | 2016-10-18 | 5.0 MEDIUM | N/A |
| Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page. | |||||
| CVE-2005-0575 | 1 Stormy Studios | 1 Knet | 2016-10-18 | 7.5 HIGH | N/A |
| Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-0532 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types. | |||||
| CVE-2005-0516 | 1 Twiki | 1 Imagegalleryplugin | 2016-10-18 | 7.5 HIGH | N/A |
| The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote attackers to execute arbitrary commands via certain commands that generate thumbnails. | |||||
| CVE-2005-0511 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 7.5 HIGH | N/A |
| misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter. | |||||
| CVE-2005-0509 | 2 Microsoft, Mono | 2 .net Framework, Mono | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 implementation of ASP.NET (.Net) allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
| CVE-2005-0507 | 1 Gd Software | 1 Sd Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SD Server 4.0.70 and earlier allows remote attackers to read arbitrary files via .. sequences in an HTTP request. | |||||
| CVE-2005-0493 | 1 Seth M. Knorr | 1 Biz Mail Form | 2016-10-18 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter. | |||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | |||||
| CVE-2005-0367 | 1 Argosoft | 1 Argosoft Mail Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter. | |||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | |||||
| CVE-2005-0417 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. | |||||
| CVE-2005-0430 | 1 Id Software | 1 Quake 3 Engine | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | |||||
| CVE-2005-0371 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data. | |||||
| CVE-2005-0452 | 1 Microsoft | 1 Asp.net | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
| CVE-2005-0369 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array. | |||||
| CVE-2005-0370 | 1 Armagetron | 2 Armagetron, Armagetron Advanced | 2016-10-18 | 5.0 MEDIUM | N/A |
| Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket. | |||||
| CVE-2005-0318 | 1 Alt-n | 1 Webadmin | 2016-10-18 | 2.1 LOW | N/A |
| useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. | |||||
| CVE-2005-0252 | 1 Biborb | 1 Biborb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. | |||||
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | |||||
| CVE-2005-0251 | 1 Biborb | 1 Biborb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter. | |||||
| CVE-2005-0253 | 1 Biborb | 1 Biborb | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter. | |||||
| CVE-2005-0254 | 1 Biborb | 1 Biborb | 2016-10-18 | 5.0 MEDIUM | N/A |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
| CVE-2005-0226 | 1 Ngircd | 1 Ngircd | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-0194 | 1 Squid | 1 Squid | 2016-10-18 | 10.0 HIGH | N/A |
| Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. | |||||
| CVE-2005-0224 | 1 Hp | 1 Virtualvault | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic. | |||||
| CVE-2005-0223 | 2 Compaq, Sun | 3 Tru64, Rte, Sdk | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. | |||||
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2016-10-18 | 4.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | |||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2016-10-18 | 6.4 MEDIUM | N/A |
| Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
| CVE-2005-0110 | 1 Microsoft | 1 Ie | 2016-10-18 | 2.6 LOW | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | |||||
| CVE-2005-0040 | 1 Dotnetnuke | 1 Dotnetnuke | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. | |||||
| CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||||
| CVE-2004-2136 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | |||||
| CVE-2004-2126 | 1 Iss | 1 Blackice Pc Protection | 2016-10-18 | 4.6 MEDIUM | N/A |
| The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. | |||||
| CVE-2004-2135 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
| CVE-2004-2110 | 1 Phorum | 1 Phorum | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | |||||
| CVE-2004-2052 | 1 Esesix | 1 Thintune | 2016-10-18 | 7.5 HIGH | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. | |||||
| CVE-2004-1998 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | |||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2016-10-18 | 5.0 MEDIUM | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | |||||
| CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 7.5 HIGH | N/A |
| PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. | |||||
| CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2016-10-18 | 2.1 LOW | N/A |
| Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. | |||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2016-10-18 | 7.5 HIGH | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | |||||
| CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2016-10-18 | 5.0 MEDIUM | N/A |
| cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. | |||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | |||||
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2016-10-18 | 5.0 MEDIUM | N/A |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | |||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges. | |||||