Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2594 | 1 Id Software | 1 Quake Ii Server Windows | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | |||||
| CVE-2004-2595 | 1 Id Software | 1 Quake Ii Server Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | |||||
| CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | |||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | |||||
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2017-07-11 | 2.1 LOW | N/A |
| Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | |||||
| CVE-2004-2600 | 2 Hp, Intel | 22 Carrier Grade Server Cc2300, Carrier Grade Server Cc3300, Carrier Grade Server Cc3310 and 19 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, which allows remote attackers to obtain sensitive information when LAN management functionality is enabled. | |||||
| CVE-2004-2601 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 6.4 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. | |||||
| CVE-2004-2602 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. | |||||
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | |||||
| CVE-2004-2604 | 1 Phproxy | 1 Phproxy | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2017-07-11 | 2.1 LOW | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | |||||
| CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2017-07-11 | 7.5 HIGH | N/A |
| The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | |||||
| CVE-2005-0012 | 1 Dillo | 1 Dillo Web Browser | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page. | |||||
| CVE-2005-0015 | 1 Crosswire Bible Society | 1 Sword | 2017-07-11 | 7.5 HIGH | N/A |
| diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||||
| CVE-2005-0016 | 1 Gatos | 1 Gatos | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the exported_display function in xatitv in gatos before 0.0.5 allows local users to execute arbitrary code. | |||||
| CVE-2005-0019 | 1 Yongguang Zhang | 1 Hztty | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. | |||||
| CVE-2005-0020 | 2 Mandrakesoft, Playmidi | 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. | |||||
| CVE-2005-0023 | 1 Gnome | 2 Libvte4, Libzvt2 | 2017-07-11 | 2.1 LOW | N/A |
| gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed. | |||||
| CVE-2005-0033 | 1 Isc | 1 Bind | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses. | |||||
| CVE-2005-0034 | 1 Isc | 1 Bind | 2017-07-11 | 4.3 MEDIUM | N/A |
| An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail. | |||||
| CVE-2005-0043 | 1 Apple | 1 Itunes | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files. | |||||
| CVE-2005-0071 | 1 Vdr | 1 Vdr | 2017-07-11 | 5.0 MEDIUM | N/A |
| vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files. | |||||
| CVE-2005-0072 | 1 Ejoy And Hu Yong | 1 Zhcon | 2017-07-11 | 2.1 LOW | N/A |
| zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files. | |||||
| CVE-2005-0076 | 1 Debian | 1 Debian Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. | |||||
| CVE-2005-0079 | 1 Xtrlock | 1 Xtrlock | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session. | |||||
| CVE-2005-0083 | 1 Mysql | 1 Maxdb | 2017-07-11 | 5.0 MEDIUM | N/A |
| MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. | |||||
| CVE-2005-0101 | 1 Newspost | 1 Newspost | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character. | |||||
| CVE-2005-0108 | 1 Apache | 1 Mod Auth Radius | 2017-07-11 | 5.0 MEDIUM | N/A |
| Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | |||||
| CVE-2005-0112 | 1 3com | 1 3crwe454g72 | 2017-07-11 | 5.0 MEDIUM | N/A |
| The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs. | |||||
| CVE-2005-0113 | 1 Sgi | 1 Irix | 2017-07-11 | 7.2 HIGH | N/A |
| inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges. | |||||
| CVE-2005-0115 | 1 Datarescue | 1 Ida | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in DataRescue Interactive Disassembler (IDA) Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name. | |||||
| CVE-2005-0121 | 1 Alexander Siegel | 1 Golddig | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable. | |||||
| CVE-2005-0126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap. | |||||
| CVE-2005-0127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine. | |||||
| CVE-2005-0129 | 1 Berlios | 1 Konversation | 2017-07-11 | 7.5 HIGH | N/A |
| The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected. | |||||
| CVE-2005-0131 | 1 Berlios | 1 Konversation | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users. | |||||
| CVE-2005-0140 | 1 Peid | 1 Peid | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name. | |||||
| CVE-2005-0159 | 1 Debian | 2 Debian Linux, Toolchain-source | 2017-07-11 | 4.6 MEDIUM | N/A |
| The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2005-0182 | 1 Mod Dosevasive | 1 Mod Dosevasive | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2005-0183 | 1 Squirrelmail | 1 Vacation Plugin | 2017-07-11 | 7.2 HIGH | N/A |
| ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. | |||||
| CVE-2005-0184 | 1 Squirrelmail | 1 Vacation Plugin | 2017-07-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request. | |||||
| CVE-2005-0185 | 1 Mnet Soft Factory | 1 Nodemanager Professional | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. | |||||
| CVE-2005-0187 | 1 Athoc | 1 Athoc Toolbar | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. | |||||
| CVE-2005-0188 | 1 Athoc | 1 Athoc Toolbar | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log. | |||||
| CVE-2005-0193 | 1 Isync | 1 Mrouter | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code. | |||||
| CVE-2005-0199 | 1 Ngircd | 1 Ngircd | 2017-07-11 | 7.5 HIGH | N/A |
| Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow. | |||||
| CVE-2005-0212 | 1 Amp | 1 Amp Ii 3d Game Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet. | |||||
| CVE-2005-0213 | 1 Webtoolmaster Software | 1 Winhki | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file. | |||||
| CVE-2005-0214 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter. | |||||
| CVE-2005-0215 | 1 Mozilla | 1 Mozilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value. | |||||
