Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2962 | 1 Ntlmaps | 1 Ntlmaps | 2008-09-05 | 2.1 LOW | N/A |
| The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password. | |||||
| CVE-2005-3085 | 1 Riverdark Studios | 1 Rss Syndicator Module | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters. | |||||
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | |||||
| CVE-2005-3155 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and Professional 1.6 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-3279 | 1 Jan Kybic | 1 Bitmap Viewer | 2008-09-05 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the vgasco_printf function in Jan Kybic BitMap Viewer (BMV) 1.2, when compiled with the M_UNIX flag and running setuid, allows local users to gain privileges via a long filename in the -b command line option. | |||||
| CVE-2005-3081 | 1 Wzdftpd | 1 Wzdftpd | 2008-09-05 | 4.6 MEDIUM | N/A |
| wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. | |||||
| CVE-2005-3080 | 1 Geshi | 1 Geshi | 2008-09-05 | 5.0 MEDIUM | N/A |
| contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. | |||||
| CVE-2005-3079 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.6 MEDIUM | N/A |
| PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. | |||||
| CVE-2005-3078 | 1 Punbb | 1 Punbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows remote attackers to inject arbitrary web script or HTML via the "forgotten e-mail" feature. | |||||
| CVE-2005-3077 | 1 Microsoft | 1 Ie For Macintosh | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI. | |||||
| CVE-2005-3076 | 1 Simplog | 1 Simplog | 2008-09-05 | 7.5 HIGH | N/A |
| Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php. | |||||
| CVE-2005-3075 | 1 Mpc-donkey | 1 Zengaia | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Zengaia before 0.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2005-3074 | 1 Rsyslog | 1 Rsyslogd | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and before 1.10.1 allows remote attackers to execute arbitrary SQL commands via crafted syslog messages. | |||||
| CVE-2005-3070 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 3.6 LOW | N/A |
| HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file. | |||||
| CVE-2005-3069 | 1 Hylafax | 1 Hylafax | 2008-09-05 | 2.1 LOW | N/A |
| xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file. | |||||
| CVE-2005-3068 | 1 Eric Integrated Development Environment | 1 Eric Integrated Development Environment | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Eric Integrated Development Environment (eric3) before 3.7.2 has unknown impact and attack vectors related to a "potential security exploit." | |||||
| CVE-2005-3064 | 1 Multitheftauto | 1 Multitheftauto | 2008-09-05 | 5.0 MEDIUM | N/A |
| MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt). | |||||
| CVE-2005-2996 | 1 Symantec Veritas | 2 Storage Exec, Storagecentral | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple heap-based and stack-based buffer overflows in certain DCOM server components in VERITAS Storage Exec Storage Exec 5.3 before Hotfix 9 and StorageCentral 5.2 before Hot Fix 2 allow remote attackers to execute arbitrary code via certain ActiveX controls. | |||||
| CVE-2005-3040 | 1 Tac | 1 Vista | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web interface (ISALogin.dll) for TAC Vista 4.0, and possibly other versions before 4.3, allows remote attackers to read arbitrary files via ".." sequences in the Template parameter. | |||||
| CVE-2005-3039 | 1 Mall23 | 1 Mall23 | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows remote attackers to execute arbitrary SQL commands via the idPage parameter. | |||||
| CVE-2005-3038 | 1 Hosting Controller | 1 Hosting Controller | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability." | |||||
| CVE-2005-3037 | 1 Handy Address Book | 1 Handy Address Book Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Handy Address Book Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the SEARCHTEXT parameter in a demos URL. | |||||
| CVE-2005-3000 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php in PHP Advanced Transfer Manager 1.30 allow remote attackers to inject arbitrary web script or HTML via the (1) font, (2) normalfontcolor, or (3) mess[31] parameters. | |||||
| CVE-2005-2997 | 1 Bugada Andrea | 1 Php Advanced Transfer Manager | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in PHP Advanced Transfer Manager 1.30 allow remote attackers to read arbitrary files via ".." sequences in (1) the currentdir parameter to txt.php, or the current_dir parameter to (2) htm.php or (3) html.php. | |||||
| CVE-2005-3036 | 1 Ttxn | 1 File Transfer Anywhere | 2008-09-05 | 4.6 MEDIUM | N/A |
| File Transfer Anywhere 3.01 stores sensitive password information in plaintext in the PASS value in the "File Transfer Anywhere" registry key, which allows local users to gain privileges. | |||||
| CVE-2005-2935 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in Microsoft AntiSpyware might allow local users to execute code via a malicious c:\program.exe file, which is run by AntiSpywareMain.exe when it attempts to execute gsasDtServ.exe. NOTE: it is not clear whether this overlaps CVE-2005-2940. | |||||
| CVE-2005-2939 | 1 Vmware | 1 Workstation | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 build-13124 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder. | |||||
| CVE-2005-2940 | 1 Microsoft | 1 Antispyware | 2008-09-05 | 7.2 HIGH | N/A |
| Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 (Beta 1) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5) GIANTAntiSpywareUpdater.exe. NOTE: it is not clear whether this overlaps CVE-2005-2935. | |||||
| CVE-2005-2944 | 1 Brent Ely | 1 Gnome Workstation Command Center | 2008-09-05 | 4.6 MEDIUM | N/A |
| The perform_file_save function in GNOME Workstation Command Center (gwcc) 0.9.6 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the gwcc_out.txt temporary file. | |||||
| CVE-2005-3035 | 1 Compuware | 1 Driverstudio | 2008-09-05 | 5.0 MEDIUM | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service (reboot) via a UDP packet sent directly to port 9110. | |||||
| CVE-2005-3034 | 1 Compuware | 1 Driverstudio | 2008-09-05 | 7.5 HIGH | N/A |
| Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session. | |||||
| CVE-2005-3033 | 1 Cambridge Computer Corporation | 1 Vxweb | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2005-3003 | 1 Noosoftware | 1 Nootoplist | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in NooTopList 1.0.0 release 17 allows remote attackers to execute arbitrary SQL commands via the (1) o or (2) sort parameters. | |||||
| CVE-2005-3165 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients. | |||||
| CVE-2005-3015 | 1 Ibm | 2 Lotus Domino, Lotus Domino Enterprise Server | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) BaseTarget or (2) Src parameters. | |||||
| CVE-2005-3163 | 1 Polipo | 1 Polipo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers to read files outside of the web root. | |||||
| CVE-2005-3014 | 1 Ensim | 1 Webppliance | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ensim webplliance allows remote attackers to inject arbitrary web script or HTML via the Login (OCW_login_username) field. | |||||
| CVE-2005-3177 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2008-09-05 | 4.6 MEDIUM | N/A |
| CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed. | |||||
| CVE-2005-3032 | 1 Cambridge Computer Corporation | 1 Vxtftpsrv | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TFTP request with a long filename argument. | |||||
| CVE-2005-3176 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection. | |||||
| CVE-2005-3175 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.2 HIGH | N/A |
| Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator. | |||||
| CVE-2005-3031 | 1 Cambridge Computer Corporation | 1 Vxftpsrv | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute arbitrary code via a long USER name. | |||||
| CVE-2005-3008 | 1 Amar Sagoo | 1 Tofu | 2008-09-05 | 7.5 HIGH | N/A |
| Tofu 0.2 allows remote attackers to execute arbitrary Python code via crafted pickled objects, which Tofu unpickles and executes. | |||||
| CVE-2005-3168 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 7.5 HIGH | N/A |
| The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template. | |||||
| CVE-2005-3167 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 4.3 MEDIUM | N/A |
| Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not properly remove certain CSS inputs (HTML inline style attributes) that are processed as active content by Internet Explorer, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
| CVE-2005-3166 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in "edit submission handling" for MediaWiki 1.4.x before 1.4.10 and 1.3.x before 1.3.16 allows remote attackers to cause a denial of service (corruption of the previous submission) via a crafted URL. | |||||
| CVE-2005-3010 | 1 Cutephp | 1 Cutenews | 2008-09-05 | 7.5 HIGH | N/A |
| Direct static code injection vulnerability in the flood protection feature in inc/shows.inc.php in CuteNews 1.4.0 and earlier allows remote attackers to execute arbitrary PHP code via the HTTP_CLIENT_IP header (Client-Ip), which is injected into data/flood.db.php. | |||||
| CVE-2005-3012 | 1 Simplecdr-x | 1 Simplecdr-x | 2008-09-05 | 2.1 LOW | N/A |
| The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images. | |||||
| CVE-2005-3160 | 1 Php Fusion | 1 Php Fusion | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters. | |||||
| CVE-2005-3017 | 1 Content2web | 1 Content2web | 2008-09-05 | 4.3 MEDIUM | N/A |
| PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 allows remote attackers to include arbitrary files via the show parameter, which can lead to resultant errors such as path disclosure, SQL error messages, and cross-site scripting (XSS). | |||||