Total: 86024 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2630 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-07-11 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and 10.5 and RealOne Player 1 and 2 allows remote attackers to execute arbitrary code via a crafted RealPlayer Skin (RJS) file, a different vulnerability than CVE-2004-1094. | |||||
| CVE-2005-2632 | 1 Mediabox404 | 1 Mediabox404 | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field. | |||||
| CVE-2005-2634 | 1 Winftp Server | 1 Winftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request. | |||||
| CVE-2005-2635 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a .. (dot dot) in the (1) layerstyle parameter to adlayer.php or (2) language parameter to js-form.php. | |||||
| CVE-2005-2636 | 2 Phpadsnew, Phppgads | 2 Phpadsnew, Phppgads | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter. | |||||
| CVE-2005-2648 | 1 W-agora | 1 W-agora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter. | |||||
| CVE-2005-2649 | 1 Adaptive Technology Resource Centre | 1 Atutor | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php. | |||||
| CVE-2005-2651 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 7.5 HIGH | N/A |
| gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter. | |||||
| CVE-2005-2652 | 1 Phpoutsourcing | 1 Zorum | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php. | |||||
| CVE-2005-2653 | 1 Bbcaffe | 1 Bbcaffe | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message. | |||||
| CVE-2005-2657 | 1 Common-lisp-controller | 1 Common-lisp-controller | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in common-lisp-controller 4.18 and earlier allows local users to gain privileges by compiling arbitrary code in the cache directory, which is executed by another user if the user has not run Common Lisp before. | |||||
| CVE-2005-2662 | 1 Masqmail | 1 Masqmail | 2017-07-11 | 7.5 HIGH | N/A |
| masqmail before 0.2.18 allows remote attackers to execute arbitrary commands via crafted e-mail addresses that are not properly sanitized when creating a failed delivery message. | |||||
| CVE-2005-2663 | 1 Masqmail | 1 Masqmail | 2017-07-11 | 2.1 LOW | N/A |
| masqmail before 0.2.18 allows local users to overwrite arbitrary files via a symlink attack on a log file. | |||||
| CVE-2005-2687 | 1 Savewebportal | 1 Savewebportal | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php. | |||||
| CVE-2005-2694 | 1 Winace | 1 Winace | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name. | |||||
| CVE-2005-2695 | 1 Cisco | 2 Ciscoworks Management Center For Ids Sensors, Ciscoworks Monitoring Center For Security | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS). | |||||
| CVE-2005-2698 | 1 Nelogic Technologies | 1 Nephp Publisher Enterprise | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter. | |||||
| CVE-2005-2711 | 1 Iss | 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more | 2017-07-11 | 7.2 HIGH | N/A |
| ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM. | |||||
| CVE-2005-2712 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.8 HIGH | N/A |
| The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference. | |||||
| CVE-2005-2716 | 1 Nokia | 1 Affix | 2017-07-11 | 7.5 HIGH | N/A |
| The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name. | |||||
| CVE-2005-2717 | 1 Webcalendar | 1 Webcalendar | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 allows remote attackers to execute arbitrary PHP code when opening settings.php, possibly via send_reminders.php or other scripts. | |||||
| CVE-2005-2719 | 1 Flagship Industries | 1 Ventrilo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial of service (application crash) via a status packet that contains less data than specified in the packet header sent to UDP port 3784. | |||||
| CVE-2005-2720 | 1 Hauri | 4 Livecall, Virobot Advanced Server, Virobot Expert and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the ACE archive decompression library (vrAZace.dll) in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall, when compressed file scanning is enabled, allows remote attackers to execute arbitrary code via an ACE archive that contains a file with a long filename. | |||||
| CVE-2005-2721 | 1 Foojan | 1 Php Weblog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2005-2723 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth.php in PaFileDB 3.1, when authmethod is set to cookies, allows remote attackers to execute arbitrary SQL commands via the username value in the pafiledbcookie cookie. | |||||
| CVE-2005-2724 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via a file attachment that is processed by the Display feature. NOTE: the severity of this issue has been disputed by the developer. | |||||
| CVE-2005-2725 | 1 Qnx | 1 Rtos | 2017-07-11 | 2.1 LOW | N/A |
| The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier versions does not properly check permissions when the -t flag is specified, which allows local users to read arbitrary files. | |||||
| CVE-2005-2726 | 1 Ari Pikivirta | 1 Home Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Home Ftp Server 1.0.7 allows remote authenticated users to read arbitrary files via "C:\" (Windows drive letter) sequences in commands such as (1) LIST or (2) RETR. | |||||
| CVE-2005-2727 | 1 Ari Pikivirta | 1 Home Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Home Ftp Server 1.0.7 stores sensitive user information and server information in the same directory as the user's home directory, which allows remote authenticated users to obtain sensitive information by obtaining ftpmembers.lst and ftpsettings.lst. | |||||
| CVE-2005-2729 | 1 Astaro | 1 Security Linux | 2017-07-11 | 7.5 HIGH | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 does not properly filter HTTP CONNECT requests to localhost, which allows remote attackers to bypass firewall rules and connect to local services. | |||||
| CVE-2005-2730 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. | |||||
| CVE-2005-2733 | 1 Alexander Palmo | 1 Simple Php Blog | 2017-07-11 | 7.5 HIGH | N/A |
| upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-2734 | 1 Gallery Project | 1 Gallery | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2735 | 1 Phpgraphy | 1 Phpgraphy | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2736 | 1 Yapig | 1 Yapig | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2737 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. | |||||
| CVE-2005-2738 | 1 Sun | 1 Java | 2017-07-11 | 5.0 MEDIUM | N/A |
| Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | |||||
| CVE-2005-2739 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password. | |||||
| CVE-2005-2744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file. | |||||
| CVE-2005-2747 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file. | |||||
| CVE-2005-2749 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information. NOTE: it is not clear whether this issue satisfies the CVE definition of a vulnerability. | |||||
| CVE-2005-2750 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed. | |||||
| CVE-2005-2751 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 2.1 LOW | N/A |
| memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group. | |||||
| CVE-2005-2757 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." | |||||
| CVE-2005-2758 | 1 Symantec | 2 Antivirus Scan Engine, Antivirus Scan Engine For Network Attached Storage | 2017-07-11 | 10.0 HIGH | N/A |
| Integer signedness error in the administrative interface for Symantec AntiVirus Scan Engine 4.0 and 4.3 allows remote attackers to execute arbitrary code via crafted HTTP headers with negative values, which lead to a heap-based buffer overflow. | |||||
| CVE-2005-2767 | 1 Leapware | 1 Leapftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in LeapFTP allows remote attackers to execute arbitrary code via a long Host string in a Site Queue (.lsq) file. | |||||
| CVE-2005-2768 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length. | |||||
| CVE-2005-2772 | 1 University Of Minnesota | 1 Gopher | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function. | |||||
| CVE-2005-2773 | 1 Hp | 1 Openview Network Node Manager | 2017-07-11 | 7.5 HIGH | N/A |
| HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl. | |||||
| CVE-2005-2774 | 1 Lithium Software | 1 Lithium Ii Mod | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the nickname. | |||||
