Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3067 | 1 Scriptsolutions | 1 Perldiver | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver 2.x allows remote attackers to inject arbitrary web script or HTML via the module parameter. | |||||
| CVE-2005-2764 | 1 Openttd | 1 Openttd | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2005-3042 | 2 Usermin, Webmin | 2 Usermin, Webmin | 2011-03-08 | 7.5 HIGH | N/A |
| miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | |||||
| CVE-2005-3123 | 1 Gnu | 1 Gnump3d | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed. | |||||
| CVE-2005-2990 | 1 Linecontrol | 1 Java Client | 2011-03-08 | 2.1 LOW | N/A |
| AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files. | |||||
| CVE-2005-2989 | 1 Deluxebb | 1 Deluxebb | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (3) forums.php or (4) newpost.php. | |||||
| CVE-2005-3002 | 1 Xclusive-software | 1 Mccs | 2011-03-08 | 5.0 MEDIUM | N/A |
| Multi-Computer Control System (MCCS) 1.0 allows remote attackers to cause a denial of service via a malformed UDP packet. | |||||
| CVE-2005-3098 | 1 Qualcomm | 1 Qpopper | 2011-03-08 | 4.6 MEDIUM | N/A |
| poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument. | |||||
| CVE-2005-2931 | 1 Ipswitch | 2 Imail Server, Ipswitch Collaboration Suite | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the SMTP service in IMail Server 8.20 in Ipswitch Collaboration Suite (ICS) before 2.02 allows remote attackers to execute arbitrary code via format string specifiers to the (1) EXPN, (2) MAIL, (3) MAIL FROM, and (4) RCPT TO commands. | |||||
| CVE-2005-3149 | 1 Uim | 1 Uim | 2011-03-08 | 4.6 MEDIUM | N/A |
| Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges. | |||||
| CVE-2005-3066 | 1 Scriptsolutions | 1 Perldiver | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver 1.x allows remote attackers to inject arbitrary web script or HTML via the query string. NOTE: this issue was originally disputed by the vendor, but it has since been acknowledged. | |||||
| CVE-2005-3189 | 1 Qualcomm | 1 Worldmail Imap Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command. | |||||
| CVE-2005-3187 | 1 Bluecoat | 1 Winproxy | 2011-03-08 | 5.0 MEDIUM | N/A |
| The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read. | |||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2011-03-08 | 7.2 HIGH | N/A |
| ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | |||||
| CVE-2005-2627 | 1 Kismet | 1 Kismet | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows. | |||||
| CVE-2005-2314 | 1 Phpsftpd | 1 Phpsftpd | 2011-03-08 | 7.5 HIGH | N/A |
| inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response. | |||||
| CVE-2005-2661 | 1 Up-imapproxy | 1 Up-imapproxy | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line. | |||||
| CVE-2005-2616 | 1 Ezupload | 1 Ezupload | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. | |||||
| CVE-2005-2342 | 1 Rim | 2 Blackberry Enterprise Server, Blackberry Router | 2011-03-08 | 7.8 HIGH | N/A |
| Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets. | |||||
| CVE-2005-2626 | 1 Kismet | 1 Kismet | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. | |||||
| CVE-2005-2343 | 1 Rim | 3 Blackberry, Blackberry Desktop Manager, Blackberry Device Software | 2011-03-08 | 2.6 LOW | N/A |
| Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed. | |||||
| CVE-2005-2603 | 1 My Image Gallery | 1 My Image Gallery | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters. | |||||
| CVE-2005-2604 | 1 My Image Gallery | 1 My Image Gallery | 2011-03-08 | 5.0 MEDIUM | N/A |
| index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to obtain the web server path via certain currDir and image arguments, which leaks the path in an error message. | |||||
| CVE-2005-2606 | 1 Phlymail | 1 Phlymail | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors. | |||||
| CVE-2005-1893 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | |||||
| CVE-2005-1915 | 1 Log4sh | 1 Log4sh | 2011-03-08 | 2.1 LOW | N/A |
| The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. | |||||
| CVE-2005-1896 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | |||||
| CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. | |||||
| CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | |||||
| CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 6.4 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
| CVE-2005-2020 | 1 3com | 1 3c15100d | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | |||||
| CVE-2005-2037 | 1 Fortibus | 1 Fortibus Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page. | |||||
| CVE-2005-1930 | 1 Trend Micro | 1 Serverprotect | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter. | |||||
| CVE-2005-2139 | 1 Pavsta | 1 Pavsta Auto Site | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | |||||
| CVE-2005-1874 | 1 Evan Wagner | 1 Dzip | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive. | |||||
| CVE-2005-2074 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php. | |||||
| CVE-2005-2075 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0. | |||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2011-03-08 | 6.4 MEDIUM | N/A |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-2170 | 1 Ibm | 1 Tivoli Management Framework | 2011-03-08 | 5.0 MEDIUM | N/A |
| The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. | |||||
| CVE-2005-2157 | 1 Nabocorp | 1 Nabopoll | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-2149 | 1 The Cacti Group | 1 Cacti | 2011-03-08 | 10.0 HIGH | N/A |
| config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | |||||
| CVE-2005-1906 | 1 Livingmailing | 1 Livingmailing | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available. | |||||
| CVE-2005-2076 | 1 Hp | 1 Version Control Repository Manager | 2011-03-08 | 2.1 LOW | N/A |
| HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. | |||||
| CVE-2005-1603 | 1 Niteenterprises | 1 Remote File Manager | 2011-03-08 | 5.0 MEDIUM | N/A |
| NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080. | |||||
| CVE-2005-1646 | 1 Fastream | 1 Netfile Ftp Web Server | 2011-03-08 | 7.5 HIGH | N/A |
| The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service. | |||||
| CVE-2005-1807 | 1 Phpmailer | 1 Phpmailer | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. | |||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
| CVE-2005-1825 | 1 Hp | 1 Radia Client | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process. | |||||
| CVE-2005-1796 | 1 Ettercap | 1 Ettercap | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | |||||