Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2627 | 1 Kismet | 1 Kismet | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows. | |||||
| CVE-2005-2626 | 1 Kismet | 1 Kismet | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Kismet before 2005-08-R1 allows remote attackers to have an unknown impact via unprintable characters in the SSID. | |||||
| CVE-2005-2759 | 1 Symantec | 1 Norton Antivirus | 2011-03-08 | 7.2 HIGH | N/A |
| ** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton AntiVirus 9.0.3 on Macintosh runs setuid when executing Java programs, which allows local users to gain privileges. NOTE: due to a CNA error, this candidate was also originally assigned to an issue in DiskMountNotify. Use CVE-2005-3270 for the DiskMountNotify issue, and CVE-2005-2759 for the LiveUpdate issue. | |||||
| CVE-2005-2752 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2011-03-08 | 2.1 LOW | N/A |
| An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406. | |||||
| CVE-2005-2314 | 1 Phpsftpd | 1 Phpsftpd | 2011-03-08 | 7.5 HIGH | N/A |
| inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to obtain the administrator's username and password by setting the do_login parameter and performing an edit action using user.php, which causes the login check to be bypassed and leaks the password in the response. | |||||
| CVE-2005-2616 | 1 Ezupload | 1 Ezupload | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. | |||||
| CVE-2005-2661 | 1 Up-imapproxy | 1 Up-imapproxy | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line. | |||||
| CVE-2005-1906 | 1 Livingmailing | 1 Livingmailing | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in livingmailing 1.3 allows remote attackers to execute arbitrary SQL commands via the password. NOTE: there is little public information about this product and its vendor, and the original researcher announcement is no longer available. | |||||
| CVE-2005-2170 | 1 Ibm | 1 Tivoli Management Framework | 2011-03-08 | 5.0 MEDIUM | N/A |
| The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint allows remote attackers to cause a denial of service (process exit and connection loss) by connecting to LCF and ending the connection without sending any data. | |||||
| CVE-2005-1915 | 1 Log4sh | 1 Log4sh | 2011-03-08 | 2.1 LOW | N/A |
| The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames. | |||||
| CVE-2005-1874 | 1 Evan Wagner | 1 Dzip | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Dzip before 2.9 allows remote attackers to create arbitrary files via a filename containing a .. (dot dot) in a .dz archive. | |||||
| CVE-2005-2149 | 1 The Cacti Group | 1 Cacti | 2011-03-08 | 10.0 HIGH | N/A |
| config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | |||||
| CVE-2005-2020 | 1 3com | 1 3c15100d | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. | |||||
| CVE-2005-2022 | 1 Sun | 2 Iplanet Messaging Server, One Messaging Server | 2011-03-08 | 4.3 MEDIUM | N/A |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2005-2176 | 1 Novell | 1 Netmail | 2011-03-08 | 6.4 MEDIUM | N/A |
| Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | |||||
| CVE-2005-2157 | 1 Nabocorp | 1 Nabopoll | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. | |||||
| CVE-2005-1892 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 6.4 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive information via (1) a direct request to foot_news.php, which triggers an infinite loop, or (2) direct requests to unknown scripts, which reveals the web document root in an error message. | |||||
| CVE-2005-1896 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter. | |||||
| CVE-2005-1893 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 5.0 MEDIUM | N/A |
| FlatNuke 2.5.3 allows remote attackers to obtain sensitive information via invalid parameters to certain scripts, which leaks the web document root in an error message. | |||||
| CVE-2005-2139 | 1 Pavsta | 1 Pavsta Auto Site | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | |||||
| CVE-2005-1895 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows remote attackers to inject arbitrary web script or HTML via the border or back parameters to (1) help.php or (2) footer.php. | |||||
| CVE-2005-2074 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php. | |||||
| CVE-2005-2076 | 1 Hp | 1 Version Control Repository Manager | 2011-03-08 | 2.1 LOW | N/A |
| HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not properly handle the "@" character in a proxy password, which could allow attackers with physical access to obtain portions of the password when it is displayed to the screen. | |||||
| CVE-2005-2075 | 1 Php Fusion | 1 Php Fusion | 2011-03-08 | 5.0 MEDIUM | N/A |
| PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0. | |||||
| CVE-2005-1889 | 1 Sun | 1 Java System Web Server | 2011-03-08 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. | |||||
| CVE-2005-1894 | 1 Flatnuke | 1 Flatnuke | 2011-03-08 | 7.5 HIGH | N/A |
| Direct code injection vulnerability in FlatNuke 2.5.3 allows remote attackers to execute arbitrary PHP code by placing the code into the Referer header of an HTTP request, which causes the code to be injected into referer.php, which can then be accessed by the attacker. | |||||
| CVE-2005-2037 | 1 Fortibus | 1 Fortibus Cms | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow remote attackers to execute arbitrary SQL commands via (1) the username or password to logon.asp, (2) WeeklyNotesDisplay.asp, or (3) the Search page. | |||||
| CVE-2005-1930 | 1 Trend Micro | 1 Serverprotect | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the Crystal Report component (rptserver.asp) in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE parameter. | |||||
| CVE-2005-1517 | 1 Cisco | 1 Firewall Services Module | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). | |||||
| CVE-2005-1709 | 1 Bluecoat | 1 Reporter | 2011-03-08 | 7.5 HIGH | N/A |
| Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote unauthenticated attackers to add a license. | |||||
| CVE-2005-1805 | 1 Online Solutions For Educators | 1 Online Solutions For Educators | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in login.asp in an unknown product by Online Solutions for Educators (OS4E) allows remote attackers to execute arbitrary SQL commands via the password. | |||||
| CVE-2005-1807 | 1 Phpmailer | 1 Phpmailer | 2011-03-08 | 5.0 MEDIUM | N/A |
| The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier allows remote attackers to cause a denial of service (infinite loop leading to memory and CPU consumption) via a long header field. | |||||
| CVE-2005-1826 | 1 Hp | 1 Radia Client | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension. | |||||
| CVE-2005-1579 | 1 Apple | 1 Quicktime | 2011-03-08 | 5.0 MEDIUM | N/A |
| Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker. | |||||
| CVE-2005-1603 | 1 Niteenterprises | 1 Remote File Manager | 2011-03-08 | 5.0 MEDIUM | N/A |
| NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080. | |||||
| CVE-2005-1642 | 1 Woltlab | 1 Burning Board | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable. | |||||
| CVE-2005-1646 | 1 Fastream | 1 Netfile Ftp Web Server | 2011-03-08 | 7.5 HIGH | N/A |
| The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service. | |||||
| CVE-2005-1707 | 1 Gentoo | 1 Linux Webapp-config | 2011-03-08 | 4.6 MEDIUM | N/A |
| The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. | |||||
| CVE-2005-1714 | 1 Netwin | 1 Surgemail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-1730 | 1 Novell | 1 Imanager | 2011-03-08 | 9.3 HIGH | N/A |
| Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112. | |||||
| CVE-2005-1741 | 1 Gearbox Software | 1 Halo Combat Evolved | 2011-03-08 | 5.0 MEDIUM | N/A |
| Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to cause a denial of service (infinite loop) via malformed data. | |||||
| CVE-2005-1756 | 1 Novell | 1 Netmail | 2011-03-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the ModWeb agent for Novell NetMail 3.52 before 3.52C allows remote attackers to inject arbitrary web script or HTML via calendar display fields. | |||||
| CVE-2005-1757 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the Modweb agent for Novell NetMail 3.52 before 3.52C, when renaming folders, may allow attackers to execute arbitrary code. | |||||
| CVE-2005-1758 | 1 Novell | 1 Netmail | 2011-03-08 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP command continuation function in Novell NetMail 3.52 before 3.52C may allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-1785 | 1 Zongg | 1 Zongg | 2011-03-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote attackers to execute arbitrary SQL commands via the password parameter. | |||||
| CVE-2005-1796 | 1 Ettercap | 1 Ettercap | 2011-03-08 | 7.5 HIGH | N/A |
| Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-1825 | 1 Hp | 1 Radia Client | 2011-03-08 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process. | |||||
| CVE-2005-1453 | 1 Leafnode | 1 Leafnode | 2011-03-08 | 5.0 MEDIUM | N/A |
| fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers. | |||||
| CVE-2005-1341 | 1 Apple | 3 Mac Os X, Mac Os X Server, Terminal | 2011-03-08 | 5.1 MEDIUM | N/A |
| Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences. | |||||
| CVE-2005-1416 | 1 Soft3304 | 1 04webserver | 2011-03-08 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. | |||||