Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2017 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 10.0 HIGH | N/A |
| Symantec AntiVirus 9 Corporate Edition allows local users to gain privileges via the "Scan for viruses" option, which launches a help window with raised privileges, a re-introduction of a vulnerability that was originally identified and addressed by CVE-2002-1540. | |||||
| CVE-2005-1932 | 1 Lpanel | 1 Lpanel | 2008-09-05 | 2.1 LOW | N/A |
| Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php. | |||||
| CVE-2005-2019 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. | |||||
| CVE-2005-2021 | 1 Cpanel | 1 Cpanel | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter in the login page. | |||||
| CVE-2005-2024 | 1 Vipul | 1 Razor-agents | 2008-09-05 | 5.0 MEDIUM | N/A |
| Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type. | |||||
| CVE-2005-2026 | 1 Enterasys | 1 Vertical Horizon-2402s | 2008-09-05 | 7.5 HIGH | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges. | |||||
| CVE-2005-2027 | 1 Enterasys | 1 Vertical Horizon-2402s | 2008-09-05 | 5.0 MEDIUM | N/A |
| Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry. | |||||
| CVE-2005-2029 | 1 Amarok | 1 Web Frontend | 2008-09-05 | 7.5 HIGH | N/A |
| amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file. | |||||
| CVE-2005-2031 | 1 Socialmpn | 1 Socialmpn | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or (6) artid parameter to sections.php, (7) siteid parameter to index.php, or (8) sid parameter to friend.php. | |||||
| CVE-2005-2038 | 1 Fortibus | 1 Fortibus Cms | 2008-09-05 | 5.0 MEDIUM | N/A |
| Fortibus CMS 4.0.0 allows remote attackers to modify information of other users, including Admin, via the "My info" page. | |||||
| CVE-2005-2039 | 1 Nanoblogger | 1 Nanoblogger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands. | |||||
| CVE-2005-2040 | 1 Telnetd | 1 Telnetd | 2008-09-05 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in the getterminaltype function in telnetd for Heimdal before 0.6.5 may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2005-0468 and CVE-2005-0469. | |||||
| CVE-2005-2042 | 1 Ajax-spell | 1 Ajax-spell | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags. | |||||
| CVE-2005-2043 | 1 Xampp | 1 Apache Distribution | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php. | |||||
| CVE-2005-2054 | 1 Realnetworks | 2 Realone Player, Realplayer | 2008-09-05 | 5.1 MEDIUM | N/A |
| Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and RealOne Player v1 and v2 allows remote attackers to overwrite arbitrary files or execute arbitrary ActiveX controls via a crafted MP3 file. | |||||
| CVE-2005-2055 | 1 Realnetworks | 2 Realone Player, Realplayer | 2008-09-05 | 5.0 MEDIUM | N/A |
| RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne Player v1 and v2 allows remote malicious web server to create an arbitrary HTML file that executes an RM file via "default settings of earlier Internet Explorer browsers". | |||||
| CVE-2005-2068 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 5.0 MEDIUM | N/A |
| FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. | |||||
| CVE-2005-2070 | 1 Sendmail | 1 Sendmail | 2008-09-05 | 5.0 MEDIUM | N/A |
| The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. | |||||
| CVE-2005-2073 | 1 Ibm | 1 Db2 | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through 8.2.2 allows local users with SELECT privileges to conduct unauthorized activities and insert, update or delete table contents. | |||||
| CVE-2005-2078 | 1 Sofotex | 1 Bisonftp | 2008-09-05 | 2.1 LOW | N/A |
| BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument. | |||||
| CVE-2005-2079 | 1 Symantec Veritas | 1 Backup Exec | 2008-09-05 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2080 | 1 Symantec Veritas | 1 Backup Exec | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in VERITAS Backup Exec 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for NetWare, allows remote attackers to gain privileges by copying the handle for the server. | |||||
| CVE-2005-2135 | 1 Etoshop | 1 Dynamic Biz Website Builder Quickweb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters. | |||||
| CVE-2005-2136 | 1 Raritan | 1 Dominion | 2008-09-05 | 4.6 MEDIUM | N/A |
| Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute arbitrary code as other users. | |||||
| CVE-2005-2137 | 1 Nateon | 1 Nateon Messenger | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. | |||||
| CVE-2005-2138 | 1 Comdev | 1 Comdev Ecommerce | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message. | |||||
| CVE-2005-2140 | 1 Fsboard | 1 Fsboard | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. | |||||
| CVE-2005-2141 | 1 Jollybox.de | 1 Tcp Chat | 2008-09-05 | 5.0 MEDIUM | N/A |
| TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. | |||||
| CVE-2005-2044 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php. | |||||
| CVE-2005-1674 | 1 Ubertec | 1 Help Center Live | 2008-09-05 | 7.5 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live allows remote attackers to perform actions as the administrator via a link or IMG tag to view.php. | |||||
| CVE-2005-1388 | 1 Survivor | 1 Survivor | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1443 | 1 Invision Power Services | 1 Invision Power Board | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters. | |||||
| CVE-2005-1399 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | |||||
| CVE-2005-1400 | 1 Freebsd | 1 Freebsd | 2008-09-05 | 4.6 MEDIUM | N/A |
| The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | |||||
| CVE-2005-1401 | 1 Mtp-target | 1 Mtp-target | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text. | |||||
| CVE-2005-1402 | 1 Mtp-target | 1 Mtp-target | 2008-09-05 | 5.0 MEDIUM | N/A |
| Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison. | |||||
| CVE-2005-1403 | 1 Just Williams | 1 Amazon Webstore | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie. | |||||
| CVE-2005-1404 | 1 Myphp Forum | 1 Myphp Forum | 2008-09-05 | 5.0 MEDIUM | N/A |
| MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php. | |||||
| CVE-2005-1444 | 1 Sitepanel | 1 Sitepanel | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php. | |||||
| CVE-2005-1407 | 1 Skype Technologies | 1 Skype | 2008-09-05 | 4.6 MEDIUM | N/A |
| Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application. | |||||
| CVE-2005-1412 | 1 Ecomm | 1 Professional Guestbook | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter. | |||||
| CVE-2005-1415 | 1 Globalscape | 1 Secure Ftp Server | 2008-09-05 | 10.0 HIGH | N/A |
| Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command. | |||||
| CVE-2005-1417 | 1 Maxwebportal | 1 Maxwebportal | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp. | |||||
| CVE-2005-1419 | 1 Ocean12 Technologies | 1 Mailing List Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. | |||||
| CVE-2005-1420 | 1 Raysoft | 1 Video Cam Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space). | |||||
| CVE-2005-1421 | 1 Raysoft | 1 Video Cam Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request. | |||||
| CVE-2005-1422 | 1 Raysoft | 1 Video Cam Server | 2008-09-05 | 7.5 HIGH | N/A |
| Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html. | |||||
| CVE-2005-1423 | 1 Software602 | 1 602lan Suite | 2008-09-05 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter. | |||||
| CVE-2005-1429 | 1 Abczone.it | 1 Wwwguestbook | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1433 | 1 Hp | 1 Openview Event Correlation Services | 2008-09-05 | 4.6 MEDIUM | N/A |
| Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code. | |||||